util.sslconfig: Support DH parameters as literal string

Simplifies shipping well-known DH parameters in the config
author: Kim Alvefur <zash@zash.se> 2024-07-12 15:21:08 +0200
committer: Kim Alvefur <zash@zash.se> 2024-07-12 15:21:08 +0200
commit: dd657746b490c203d3e503d9359fec9dca6884fd (patch)
tree: c5002acd7770c2c696c43873cf9d798d4ba62d50 /util
parent: b9cfebff245640c9074efac52cc4bdc8ee10bea8 (diff)
download: prosody-dd657746b490c203d3e503d9359fec9dca6884fd.tar.gz
prosody-dd657746b490c203d3e503d9359fec9dca6884fd.zip
1 files changed, 12 insertions, 2 deletions
diff --git a/util/sslconfig.lua b/util/sslconfig.lua
index 7b0ed34a..01a8adb5 100644
--- a/util/sslconfig.lua
+++ b/util/sslconfig.lua
@@ -84,8 +84,18 @@ end
 finalisers.certificate = finalisers.key;
 finalisers.cafile = finalisers.key;
 finalisers.capath = finalisers.key;
--- XXX: copied from core/certmanager.lua, but this seems odd, because it would remove a dhparam function from the config
-finalisers.dhparam = finalisers.key;
+
+function finalisers.dhparam(value, config)
+	if type(value) == "string" then
+		if value:sub(1, 10) == "-----BEGIN" then
+			-- literal value
+			return value;
+		else
+			-- assume a filename
+			return resolve_path(config._basedir, value);
+		end
+	end
+end
 
 -- protocol = "x" should enable only that protocol
 -- protocol = "x+" should enable x and later versions
author	Kim Alvefur <zash@zash.se>	2024-07-12 15:21:08 +0200
committer	Kim Alvefur <zash@zash.se>	2024-07-12 15:21:08 +0200
commit	dd657746b490c203d3e503d9359fec9dca6884fd (patch)
tree	c5002acd7770c2c696c43873cf9d798d4ba62d50 /util
parent	b9cfebff245640c9074efac52cc4bdc8ee10bea8 (diff)
download	prosody-dd657746b490c203d3e503d9359fec9dca6884fd.tar.gz prosody-dd657746b490c203d3e503d9359fec9dca6884fd.zip