From b9005e7b8af2f0c707d9497d334fdc5318db55cc Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 20 Nov 2017 00:26:41 +0100
Subject: certmanager: Filter out curves not supported by LuaSec

---
 core/certmanager.lua | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'core/certmanager.lua')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index dd6cabae..e13a5d8e 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -27,6 +27,7 @@ local stat = require "lfs".attributes;
 
 local tonumber, tostring = tonumber, tostring;
 local pairs = pairs;
+local t_remove = table.remove;
 local type = type;
 local io_open = io.open;
 local select = select;
@@ -131,6 +132,17 @@ local core_defaults = {
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
 }
+
+if luasec_has.curves then
+	for i = #core_defaults.curveslist, 1, -1 do
+		if not luasec_has.curves[ core_defaults.curveslist[i] ] then
+			t_remove(core_defaults.curveslist, i);
+		end
+	end
+else
+	core_defaults.curveslist = nil;
+end
+
 local path_options = { -- These we pass through resolve_path()
 	key = true, certificate = true, cafile = true, capath = true, dhparam = true
 }
-- 
cgit v1.2.3