From 346f58c9d9fe2e876a140cce1763c585a6f1bdb0 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 15 Feb 2025 00:19:01 +0100
Subject: core.certmanager: Move LuaSec verification tweaks to mod_s2s

These two settings are only really needed for XMPP server-to-server
connections.
---
 core/certmanager.lua | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'core')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index 9e0ace6a..1c9cefed 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -189,10 +189,6 @@ local core_defaults = {
 		single_ecdh_use = tls.features.options.single_ecdh_use;
 		no_renegotiation = tls.features.options.no_renegotiation;
 	};
-	verifyext = {
-		"lsec_continue", -- Continue past certificate verification errors
-		"lsec_ignore_purpose", -- Validate client certificates as if they were server certificates
-	};
 	curve = tls.features.algorithms.ec and not tls.features.capabilities.curves_list and "secp384r1";
 	curveslist = {
 		"X25519",
-- 
cgit v1.2.3