Mercurial > prosody-hg
comparison core/certmanager.lua @ 5816:20e2b588f8c2
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 03 Sep 2013 13:13:31 +0200 |
| parents | b93d096607b4 |
| children | 441876452b9c 6bc4077bc1f9 |
comparison
equal
deleted
inserted
replaced
| 5815:b93d096607b4 | 5816:20e2b588f8c2 |
|---|---|
| 70 curve = user_ssl_config.curve or "secp384r1"; | 70 curve = user_ssl_config.curve or "secp384r1"; |
| 71 ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; | 71 ciphers = user_ssl_config.ciphers or "HIGH:!DSS:!aNULL@STRENGTH"; |
| 72 dhparam = user_ssl_config.dhparam; | 72 dhparam = user_ssl_config.dhparam; |
| 73 }; | 73 }; |
| 74 | 74 |
| 75 -- LuaSec expects dhparam to be a callback that takes two arguments. | |
| 76 -- We ignore those because it is mostly used for having a separate | |
| 77 -- set of params for EXPORT ciphers, which we don't have by default. | |
| 78 if type(user_ssl_config.dhparam) == "string" then | |
| 79 local f, err = io_open(resolve_path(user_ssl_config.dhparam)); | |
| 80 if not f then return nil, "Could not open DH parameters: "..err end | |
| 81 local dhparam = f:read("*a"); | |
| 82 f:close(); | |
| 83 user_ssl_config.dhparam = function() return dhparam; end | |
| 84 end | |
| 85 | |
| 75 local ctx, err = ssl_newcontext(ssl_config); | 86 local ctx, err = ssl_newcontext(ssl_config); |
| 76 | 87 |
| 77 -- COMPAT: LuaSec 0.4.1 ignores the cipher list from the config, so we have to take | 88 -- COMPAT: LuaSec 0.4.1 ignores the cipher list from the config, so we have to take |
| 78 -- care of it ourselves... | 89 -- care of it ourselves... |
| 79 if ctx and ssl_config.ciphers then | 90 if ctx and ssl_config.ciphers then |
