From 7b6a2f64e227a2cd41c1925d8dda7944ac450f46 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Sat, 4 Nov 2023 15:59:51 +0100
Subject: core.certmanager: Handle dane context setting same way on reload as on initialization
---
 core/certmanager.lua | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'core')
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 183680ee..263797e5 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -369,7 +369,13 @@ local function reload_ssl_config()
 if tls.features.options.no_compression then
 core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 end
- core_defaults.dane = configmanager.get("*", "use_dane") or false;
+ if not configmanager.get("*", "use_dane") then
+ core_defaults.dane = false;
+ elseif tls.features.capabilities.dane then
+ core_defaults.dane = { "no_ee_namechecks" };
+ else
+ core_defaults.dane = true;
+ end
 cert_index = index_certs(resolve_path(config_path, global_certificates));
 end
-- cgit v1.2.3
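Review bot: The `elseif` branch sets `core_defaults.dane = { "no_ee_namechecks" }` with no comment on what that flag does to certificate verification, and a setting that relaxes name checks should explain itself to the next reader. I would add above it `-- DANE-EE (usage 3) TLSA records pin the peer's own key, so name checks are skipped for those only (RFC 7671)`. The `else` branch presumably covers a TLS library without flag support; if it can also mean no DANE support at all, `use_dane` degrades silently on reload and a warning log there would let operators notice. The subject says this mirrors the initialization path, which like the top of `reload_ssl_config` is outside the hunk, so a shared local helper called from both places would keep the two from drifting apart again.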