core.certmanager: Disable DANE name checks (not needed for XMPP)

Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then.
author: Kim Alvefur <zash@zash.se> 2021-09-16 09:52:51 +0200
committer: Kim Alvefur <zash@zash.se> 2021-09-16 09:52:51 +0200
commit: 3b2c39901a24d660aaf3d220448d8a49df5c6fcf (patch)
tree: d6fdae321250d1e22e7f160eca2f410ee38df320 /core
parent: 91172308d6b888a34ee190ca703d7a80cfbd21bc (diff)
download: prosody-3b2c39901a24d660aaf3d220448d8a49df5c6fcf.tar.gz
prosody-3b2c39901a24d660aaf3d220448d8a49df5c6fcf.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index efb01d50..bde98621 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -251,7 +251,7 @@ local core_defaults = {
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
-	dane = configmanager.get("*", "use_dane");
+	dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
 }
 
 local mozilla_ssl_configs = {
author	Kim Alvefur <zash@zash.se>	2021-09-16 09:52:51 +0200
committer	Kim Alvefur <zash@zash.se>	2021-09-16 09:52:51 +0200
commit	3b2c39901a24d660aaf3d220448d8a49df5c6fcf (patch)
tree	d6fdae321250d1e22e7f160eca2f410ee38df320 /core
parent	91172308d6b888a34ee190ca703d7a80cfbd21bc (diff)
download	prosody-3b2c39901a24d660aaf3d220448d8a49df5c6fcf.tar.gz prosody-3b2c39901a24d660aaf3d220448d8a49df5c6fcf.zip