authorMatthew Wild <mwild1@gmail.com>2021-05-13 11:17:13 +0100
committerMatthew Wild <mwild1@gmail.com>2021-05-13 11:17:13 +0100
commit5bc8b2a379e21901429e4d7f5e10e424ca85e403 (patch)
treedc46f3423a4319e09fe85402fa76f15568ad89d1 /core
parent37ad3b8fb2039684273b3cb63b5b573e879b04d7 (diff)
parenta95576d485eda2a273b4d66c4c2b363f88c5c43a (diff)
Merge 0.11->trunk
Diffstat (limited to 'core')
-rw-r--r--core/certmanager.lua21
1 files changed, 12 insertions, 9 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 69c8e32c..4d2649b0 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -42,12 +42,13 @@ local pathutil = require"util.paths";
local resolve_path = pathutil.resolve_relative_path;
local config_path = prosody.paths.config or ".";
+local function test_option(option)
+ return not not ssl_newcontext({mode="server",protocol="sslv23",options={ option }});
+end
+
local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor);
--- TODO Use ssl.config instead of require here once we are sure that the fix
--- in LuaSec has been widely distributed
--- https://github.com/brunoos/luasec/issues/149
-local luasec_has = softreq"ssl.config" or {
+local luasec_has = ssl.config or softreq"ssl.config" or {
algorithms = {
ec = luasec_version >= 5;
};
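Review bot: `test_option` collapses every failure of `ssl_newcontext` into `false`, so a context that fails for a reason unrelated to the probed option would mark all six entries of the fallback `options` table in the next hunk as unsupported, and the hardening flags would then be dropped without any message. Assuming `ssl_newcontext` follows the usual `nil, err` convention (it is defined outside this hunk), keeping the error makes that visible: `local ctx, err = ssl_newcontext({mode="server",protocol="sslv23",options={ option }});`, log `err` at debug level when `ctx` is nil, then `return ctx ~= nil;`. A one-line comment above the function, such as `-- Probe for a TLS option by building a throwaway server context; only used when ssl.config is unavailable`, would also explain why contexts are created at module load.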
@@ -55,11 +56,12 @@ local luasec_has = softreq"ssl.config" or {
curves_list = luasec_version >= 7;
};
options = {
- cipher_server_preference = luasec_version >= 2;
- no_ticket = luasec_version >= 4;
- no_compression = luasec_version >= 5;
- single_dh_use = luasec_version >= 2;
- single_ecdh_use = luasec_version >= 2;
+ cipher_server_preference = test_option("cipher_server_preference");
+ no_ticket = test_option("no_ticket");
+ no_compression = test_option("no_compression");
+ single_dh_use = test_option("single_dh_use");
+ single_ecdh_use = test_option("single_ecdh_use");
+ no_renegotiation = test_option("no_renegotiation");
};
};
@@ -219,6 +221,7 @@ local core_defaults = {
no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
single_dh_use = luasec_has.options.single_dh_use;
single_ecdh_use = luasec_has.options.single_ecdh_use;
+ no_renegotiation = luasec_has.options.no_renegotiation;
};
verifyext = {
"lsec_continue", -- Continue past certificate verification errors
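Review bot: The added `no_renegotiation` default carries no comment and produces no signal when it is unavailable, so on a build where `luasec_has.options.no_renegotiation` is nil or false the option is silently omitted and renegotiation presumably stays enabled. A short comment would record the intent, e.g. `-- Refuse TLS renegotiation where the library supports it (limits client-driven handshake load)`, and a startup warning when the flag is missing would tell operators the mitigation is not active. Unlike `no_compression` at the top of this hunk, there is no configuration switch for it; that may be deliberate but is worth stating in the comment. The `core_defaults` table begins and ends outside this hunk.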