From e8128c1d608cb18b1d1e913395fb9b897dd4525e Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Fri, 27 Oct 2023 19:03:59 +0200
Subject: core.certmanager: Validate that 'tls_profile' is one of the valid values

A typo should not result in ending up with "legacy"
---
 core/certmanager.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/certmanager.lua b/core/certmanager.lua
index c6310473..6a46588c 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -336,8 +336,11 @@ local function create_context(host, mode, ...)
 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
 });
 local profile = configmanager.get("*", "tls_profile") or "intermediate";
- if profile ~= "legacy" then
+ if mozilla_ssl_configs[profile] then
 cfg:apply(mozilla_ssl_configs[profile]);
+ elseif profile ~= "legacy" then
+ log("error", "Invalid value for 'tls_profile': expected one of \"modern\", \"intermediate\" (default), \"old\" or \"legacy\" but got %q", profile);
+ return nil, "Invalid configuration, 'tls_profile' had an unknown value.";
 end
 cfg:apply(global_ssl_config);

-- 
cgit v1.2.3
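Review bot: The accepted profile names are now stated in two places in the new branch: validity is decided by the keys of `mozilla_ssl_configs` plus the literal `"legacy"`, while the log message lists "modern", "intermediate", "old" and "legacy" by hand, so the message can go stale if a profile is added or renamed. A comment above the `elseif`, such as `-- "legacy" is valid but applies no Mozilla profile; any other unknown name is a configuration error`, would explain why "legacy" is tested separately instead of being a table key. The early `return nil, ...` makes a typo fail closed rather than silently skipping the profile, but that only holds if callers of `create_context` treat a nil context as a hard failure and do not continue without TLS. Those callers are outside this hunk and worth confirming. The body of `create_context` starts and ends outside the hunk.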