From 0315d775b2626b5cb62a73cf84a018f3abda0d7f Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 20 Nov 2017 00:25:18 +0100
Subject: certmanager: Change table representing LuaSec capabilities to match
 capabilities table exposed in LuaSec 0.7

---
 core/certmanager.lua | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

(limited to 'core')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 2be66a21..dd6cabae 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -37,13 +37,20 @@ local config_path = prosody.paths.config or ".";
 
 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
 local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor);
-local luasec_has = {
-	-- TODO If LuaSec ever starts exposing these things itself, use that instead
-	cipher_server_preference = luasec_version >= 2;
-	no_ticket = luasec_version >= 4;
-	no_compression = luasec_version >= 5;
-	single_dh_use = luasec_version >= 2;
-	single_ecdh_use = luasec_version >= 2;
+local luasec_has = softreq"ssl.config" or {
+	algorithms = {
+		ec = luasec_version >= 5;
+	};
+	capabilities = {
+		curves_list = luasec_version >= 7;
+	};
+	options = {
+		cipher_server_preference = luasec_version >= 2;
+		no_ticket = luasec_version >= 4;
+		no_compression = luasec_version >= 5;
+		single_dh_use = luasec_version >= 2;
+		single_ecdh_use = luasec_version >= 2;
+	};
 };
 
 local _ENV = nil;
@@ -99,11 +106,11 @@ local core_defaults = {
 	protocol = "tlsv1+";
 	verify = (ssl_x509 and { "peer", "client_once", }) or "none";
 	options = {
-		cipher_server_preference = luasec_has.cipher_server_preference;
-		no_ticket = luasec_has.no_ticket;
-		no_compression = luasec_has.no_compression and configmanager.get("*", "ssl_compression") ~= true;
-		single_dh_use = luasec_has.single_dh_use;
-		single_ecdh_use = luasec_has.single_ecdh_use;
+		cipher_server_preference = luasec_has.options.cipher_server_preference;
+		no_ticket = luasec_has.options.no_ticket;
+		no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
+		single_dh_use = luasec_has.options.single_dh_use;
+		single_ecdh_use = luasec_has.options.single_ecdh_use;
 	};
 	verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 	curve = "secp384r1";
@@ -227,7 +234,7 @@ end
 local function reload_ssl_config()
 	global_ssl_config = configmanager.get("*", "ssl");
 	global_certificates = configmanager.get("*", "certificates") or "certs";
-	if luasec_has.no_compression then
+	if luasec_has.options.no_compression then
 		core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 	end
 end
-- 
cgit v1.2.3