From 3b2c39901a24d660aaf3d220448d8a49df5c6fcf Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 16 Sep 2021 09:52:51 +0200
Subject: core.certmanager: Disable DANE name checks (not needed for XMPP)

Pending https://github.com/brunoos/luasec/pull/179

Should not be done globally, but rather only for s2sout, but that would
have to be in mod_tls then.
---
 core/certmanager.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index efb01d50..bde98621 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -251,7 +251,7 @@ local core_defaults = {
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
-	dane = configmanager.get("*", "use_dane");
+	dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
 }
 
 local mozilla_ssl_configs = {
-- 
cgit v1.2.3