author | Kim Alvefur <zash@zash.se> | 2023-05-27 15:39:26 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-05-27 15:39:26 +0200 |
commit | 296710c701edda6697bc9dd537e83bf38dbc9289 (patch) | |
tree | 53d071637b072eb83616d869ff8527ea82319b1e /net | |
parent | 09a2018e4011c00a7a3a33befc1d61dc8c4a3c6c (diff) | |
download | prosody-296710c701edda6697bc9dd537e83bf38dbc9289.tar.gz prosody-296710c701edda6697bc9dd537e83bf38dbc9289.zip |
net.certmanager: Move LuaSec feature detection to net.tls_luasec
Further isolates LuaSec from Prosody core, with the ultimate goal of
allowing LuaSec to be replaced more easily.
Diffstat (limited to 'net')
-rw-r--r-- | net/tls_luasec.lua | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/net/tls_luasec.lua b/net/tls_luasec.lua
index 2bedb5ab..917669b8 100644
--- a/net/tls_luasec.lua
+++ b/net/tls_luasec.lua
@@ -84,6 +84,30 @@ local function new_context(cfg, builder)
 }, context_mt), nil
 end
+-- Feature detection / guessing
+local function test_option(option)
+ return not not ssl_newcontext({mode="server",protocol="sslv23",options={ option }});
+end
+local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
+local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor);
+local luasec_has = ssl.config or {
+ algorithms = {
+ ec = luasec_version >= 5;
+ };
+ capabilities = {
+ curves_list = luasec_version >= 7;
+ };
+ options = {
+ cipher_server_preference = test_option("cipher_server_preference");
+ no_ticket = test_option("no_ticket");
+ no_compression = test_option("no_compression");
+ single_dh_use = test_option("single_dh_use");
+ single_ecdh_use = test_option("single_ecdh_use");
+ no_renegotiation = test_option("no_renegotiation");
+ };
+};
+
 return {
+ features = luasec_has;
 new_context = new_context,
 }; |
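Review bot: The version parse on the `local luasec_major, luasec_minor = ssl._VERSION:match(...)` line runs at module load even when `ssl.config` is present, and if `_VERSION` does not match `^(%d+)%.(%d+)` both captures are nil, so the arithmetic on the next line raises and the TLS backend fails to load. A guard such as `local luasec_version = (tonumber(luasec_major) or 0) * 100 + (tonumber(luasec_minor) or 0);` would make the fallback report the version-gated features as absent instead of aborting. Separately, `test_option` returns `false` for any failure of `ssl_newcontext`, not only an unknown option, so a failed probe looks the same as a missing `no_compression` or `no_renegotiation`. If consumers of `features.options` drop options that read as unsupported (not visible in this hunk), that would silently weaken the TLS configuration, so a comment on `test_option` stating this would help. `ssl` and `ssl_newcontext` are defined outside the hunk.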