From dd657746b490c203d3e503d9359fec9dca6884fd Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Fri, 12 Jul 2024 15:21:08 +0200
Subject: util.sslconfig: Support DH parameters as literal string

Simplifies shipping well-known DH parameters in the config
---
 net/tls_luasec.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'net')
diff --git a/net/tls_luasec.lua b/net/tls_luasec.lua
index 3af2fc6b..4e4e92ed 100644
--- a/net/tls_luasec.lua
+++ b/net/tls_luasec.lua
@@ -54,7 +54,10 @@ local function new_context(cfg, builder)
 -- LuaSec expects dhparam to be a callback that takes two arguments.
 -- We ignore those because it is mostly used for having a separate
 -- set of params for EXPORT ciphers, which we don't have by default.
- if type(cfg.dhparam) == "string" then
+ if type(cfg.dhparam) == "string" and cfg.dhparam:sub(1, 10) == "-----BEGIN" then
+ local dhparam = cfg.dhparam;
+ cfg.dhparam = function() return dhparam; end
+ elseif type(cfg.dhparam) == "string" then
 local f, err = io_open(cfg.dhparam);
 if not f then return nil, "Could not open DH parameters: "..err end
 local dhparam = f:read("*a");
-- cgit v1.2.3
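Review bot: The new first branch tells inline PEM from a file path by the ten-character prefix `-----BEGIN` alone, so any PEM block (a certificate or a private key pasted into the wrong option) is wrapped in the callback unchecked, and a bad value would presumably surface only when LuaSec later invokes it. Matching the full label, e.g. `cfg.dhparam:find("-----BEGIN DH PARAMETERS-----", 1, true) == 1`, would send such a value to the file branch and fail at context creation; it would also exclude other labels such as X9.42 parameters, if those are meant to be supported. A literal with leading whitespace or a newline misses the prefix test and falls through to the `elseif`, where `io_open` fails and the "Could not open DH parameters: " error presumably carries the whole pasted text as the file name. A comment above the branch, such as `-- A string starting with a PEM header is used as the parameters themselves; any other string is a file path`, would document the two meanings of the option. new_context starts and continues outside the hunk.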