From 73e76838f32bd636c0c190c0474bf734220db6c2 Mon Sep 17 00:00:00 2001 From: Waqas Hussain Date: Thu, 25 Aug 2011 12:09:16 +0500 Subject: certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. --- core/certmanager.lua | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'core/certmanager.lua') diff --git a/core/certmanager.lua b/core/certmanager.lua index 0dc0bfd4..7b8ca9e1 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -41,11 +41,19 @@ function create_context(host, mode, user_ssl_config) cafile = resolve_path(config_path, user_ssl_config.cafile); verify = user_ssl_config.verify or default_verify; options = user_ssl_config.options or default_options; - ciphers = user_ssl_config.ciphers; depth = user_ssl_config.depth; }; local ctx, err = ssl_newcontext(ssl_config); + + -- LuaSec ignores the cipher list from the config, so we have to take care + -- of it ourselves (W/A for #x) + if ctx and user_ssl_config.ciphers then + local success; + success, err = ssl.context.setcipher(ctx, user_ssl_config.ciphers); + if not success then ctx = nil; end + end + if not ctx then err = err or "invalid ssl config" local file = err:match("^error loading (.-) %("); -- cgit v1.2.3