From 2b09f7cffb7c04ec127d75b2776d8938f8ac2441 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 21 Apr 2014 02:43:09 +0200
Subject: certmanager: Move ssl.protocol handling to after ssl.options is a
 table (thanks Ralph)

---
 core/certmanager.lua | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'core')

diff --git a/core/certmanager.lua b/core/certmanager.lua
index ced17e58..74da771e 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -16,6 +16,7 @@ local pairs = pairs;
 local type = type;
 local io_open = io.open;
 local t_concat = table.concat;
+local t_insert = table.insert;
 
 local prosody = prosody;
 local resolve_path = configmanager.resolve_relative_path;
@@ -100,14 +101,6 @@ function create_context(host, mode, user_ssl_config)
 		end
 	end
 
-	local min_protocol = protocols[user_ssl_config.protocol];
-	if min_protocol then
-		user_ssl_config.protocol = "sslv23";
-		for i = min_protocol, 1, -1 do
-			user_ssl_config.options["no_"..protocols[i]] = true;
-		end
-	end
-
 	for option in pairs(set_options) do
 		local merged = {};
 		merge_set(core_defaults[option], merged);
@@ -124,6 +117,14 @@ function create_context(host, mode, user_ssl_config)
 		user_ssl_config[option] = final_array;
 	end
 
+	local min_protocol = protocols[user_ssl_config.protocol];
+	if min_protocol then
+		user_ssl_config.protocol = "sslv23";
+		for i = 1, min_protocol do
+			t_insert(user_ssl_config.options, "no_"..protocols[i]);
+		end
+	end
+
 	-- We can't read the password interactively when daemonized
 	user_ssl_config.password = user_ssl_config.password or
 		function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
-- 
cgit v1.2.3