Mercurial > prosody-hg
comparison core/certmanager.lua @ 6496:e4b998ffc922 0.9.6
certmanager, net.http: Disable SSLv3 by default
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 14 Oct 2014 18:55:08 +0100 |
| parents | f7601ce30cfc |
| children | 71b6e8b48a12 |
comparison
equal
deleted
inserted
replaced
| 6472:acae6289e0a6 | 6496:e4b998ffc922 |
|---|---|
| 31 | 31 |
| 32 -- Global SSL options if not overridden per-host | 32 -- Global SSL options if not overridden per-host |
| 33 local default_ssl_config = configmanager.get("*", "ssl"); | 33 local default_ssl_config = configmanager.get("*", "ssl"); |
| 34 local default_capath = "/etc/ssl/certs"; | 34 local default_capath = "/etc/ssl/certs"; |
| 35 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none"; | 35 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none"; |
| 36 local default_options = { "no_sslv2", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil }; | 36 local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil }; |
| 37 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" }; | 37 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" }; |
| 38 | 38 |
| 39 if ssl and not luasec_has_verifyext and ssl.x509 then | 39 if ssl and not luasec_has_verifyext and ssl.x509 then |
| 40 -- COMPAT mw/luasec-hg | 40 -- COMPAT mw/luasec-hg |
| 41 for i=1,#default_verifyext do -- Remove lsec_ prefix | 41 for i=1,#default_verifyext do -- Remove lsec_ prefix |
