From 3674d9327763a1c9a69d86d72680de1651fa6511 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 21 Apr 2014 02:43:09 +0200 Subject: certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph) --- core/certmanager.lua | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/core/certmanager.lua b/core/certmanager.lua index ced17e58..74da771e 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -16,6 +16,7 @@ local pairs = pairs; local type = type; local io_open = io.open; local t_concat = table.concat; +local t_insert = table.insert; local prosody = prosody; local resolve_path = configmanager.resolve_relative_path; @@ -100,14 +101,6 @@ function create_context(host, mode, user_ssl_config) end end - local min_protocol = protocols[user_ssl_config.protocol]; - if min_protocol then - user_ssl_config.protocol = "sslv23"; - for i = min_protocol, 1, -1 do - user_ssl_config.options["no_"..protocols[i]] = true; - end - end - for option in pairs(set_options) do local merged = {}; merge_set(core_defaults[option], merged); @@ -124,6 +117,14 @@ function create_context(host, mode, user_ssl_config) user_ssl_config[option] = final_array; end + local min_protocol = protocols[user_ssl_config.protocol]; + if min_protocol then + user_ssl_config.protocol = "sslv23"; + for i = 1, min_protocol do + t_insert(user_ssl_config.options, "no_"..protocols[i]); + end + end + -- We can't read the password interactively when daemonized user_ssl_config.password = user_ssl_config.password or function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; -- cgit v1.2.3