Mercurial > prosody-hg
comparison core/certmanager.lua @ 11560:3bbb1af92514
Merge 0.11->trunk
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 13 May 2021 11:17:13 +0100 |
| parents | 30feeb4d9d0b aaf9c6b6d18d |
| children | e7a964572f6b |
comparison
equal
deleted
inserted
replaced
| 11538:30feeb4d9d0b | 11560:3bbb1af92514 |
|---|---|
| 40 local prosody = prosody; | 40 local prosody = prosody; |
| 41 local pathutil = require"util.paths"; | 41 local pathutil = require"util.paths"; |
| 42 local resolve_path = pathutil.resolve_relative_path; | 42 local resolve_path = pathutil.resolve_relative_path; |
| 43 local config_path = prosody.paths.config or "."; | 43 local config_path = prosody.paths.config or "."; |
| 44 | 44 |
| 45 local function test_option(option) | |
| 46 return not not ssl_newcontext({mode="server",protocol="sslv23",options={ option }}); | |
| 47 end | |
| 48 | |
| 45 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); | 49 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); |
| 46 local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor); | 50 local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor); |
| 47 -- TODO Use ssl.config instead of require here once we are sure that the fix | 51 local luasec_has = ssl.config or softreq"ssl.config" or { |
| 48 -- in LuaSec has been widely distributed | |
| 49 -- https://github.com/brunoos/luasec/issues/149 | |
| 50 local luasec_has = softreq"ssl.config" or { | |
| 51 algorithms = { | 52 algorithms = { |
| 52 ec = luasec_version >= 5; | 53 ec = luasec_version >= 5; |
| 53 }; | 54 }; |
| 54 capabilities = { | 55 capabilities = { |
| 55 curves_list = luasec_version >= 7; | 56 curves_list = luasec_version >= 7; |
| 56 }; | 57 }; |
| 57 options = { | 58 options = { |
| 58 cipher_server_preference = luasec_version >= 2; | 59 cipher_server_preference = test_option("cipher_server_preference"); |
| 59 no_ticket = luasec_version >= 4; | 60 no_ticket = test_option("no_ticket"); |
| 60 no_compression = luasec_version >= 5; | 61 no_compression = test_option("no_compression"); |
| 61 single_dh_use = luasec_version >= 2; | 62 single_dh_use = test_option("single_dh_use"); |
| 62 single_ecdh_use = luasec_version >= 2; | 63 single_ecdh_use = test_option("single_ecdh_use"); |
| 64 no_renegotiation = test_option("no_renegotiation"); | |
| 63 }; | 65 }; |
| 64 }; | 66 }; |
| 65 | 67 |
| 66 local _ENV = nil; | 68 local _ENV = nil; |
| 67 -- luacheck: std none | 69 -- luacheck: std none |
| 217 cipher_server_preference = luasec_has.options.cipher_server_preference; | 219 cipher_server_preference = luasec_has.options.cipher_server_preference; |
| 218 no_ticket = luasec_has.options.no_ticket; | 220 no_ticket = luasec_has.options.no_ticket; |
| 219 no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true; | 221 no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true; |
| 220 single_dh_use = luasec_has.options.single_dh_use; | 222 single_dh_use = luasec_has.options.single_dh_use; |
| 221 single_ecdh_use = luasec_has.options.single_ecdh_use; | 223 single_ecdh_use = luasec_has.options.single_ecdh_use; |
| 224 no_renegotiation = luasec_has.options.no_renegotiation; | |
| 222 }; | 225 }; |
| 223 verifyext = { | 226 verifyext = { |
| 224 "lsec_continue", -- Continue past certificate verification errors | 227 "lsec_continue", -- Continue past certificate verification errors |
| 225 "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates | 228 "lsec_ignore_purpose", -- Validate client certificates as if they were server certificates |
| 226 }; | 229 }; |
