core.certmanager: Support 'use_dane' setting to enable DANE support

Removes the need to enable DANE with two separate settings. Previously you had to also set `ssl = { dane = true }` to activate DANE support in LuaSec and OpenSSL.
author: Kim Alvefur <zash@zash.se> 2021-07-18 22:46:57 +0200
committer: Kim Alvefur <zash@zash.se> 2021-07-18 22:46:57 +0200
commit: 4d26d4cb157143e7a9e4a0418fff9d8841cc9928 (patch)
tree: 2a208a1692d3c08eed2baa4cb41c4a503d0cd23d /core
parent: 360eda6cd3551f5023c7f5c0d5100bf8b6320f69 (diff)
download: prosody-4d26d4cb157143e7a9e4a0418fff9d8841cc9928.tar.gz
prosody-4d26d4cb157143e7a9e4a0418fff9d8841cc9928.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 753eb4d5..7c7fc150 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -244,6 +244,7 @@ local core_defaults = {
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
+	dane = configmanager.get("*", "use_dane");
 }
 
 if luasec_has.curves then
@@ -360,6 +361,7 @@ local function reload_ssl_config()
 	if luasec_has.options.no_compression then
 		core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 	end
+	core_defaults.dane = configmanager.get("*", "use_dane") or false;
 	cert_index = index_certs(resolve_path(config_path, global_certificates));
 end
author	Kim Alvefur <zash@zash.se>	2021-07-18 22:46:57 +0200
committer	Kim Alvefur <zash@zash.se>	2021-07-18 22:46:57 +0200
commit	4d26d4cb157143e7a9e4a0418fff9d8841cc9928 (patch)
tree	2a208a1692d3c08eed2baa4cb41c4a503d0cd23d /core
parent	360eda6cd3551f5023c7f5c0d5100bf8b6320f69 (diff)
download	prosody-4d26d4cb157143e7a9e4a0418fff9d8841cc9928.tar.gz prosody-4d26d4cb157143e7a9e4a0418fff9d8841cc9928.zip