Mercurial Mercurial > prosody > prosody-modules / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_firewall/definitions.lib.lua
changeset 4131 e9e10ec1b91c
parent 4021 015452258952
child 4516 b88f05c878ac 
--- a/mod_firewall/definitions.lib.lua	Tue Sep 15 11:45:09 2020 +0100
+++ b/mod_firewall/definitions.lib.lua	Tue Sep 15 11:49:55 2020 +0100
@@ -104,8 +104,17 @@
 			local etag;
 			local failure_count = 0;
 			local retry_intervals = { 60, 120, 300 };
+			-- By default only check the certificate if net.http supports SNI
+			local sni_supported = http.feature and http.features.sni;
+			local insecure = false;
+			if opts.checkcert == "never" then
+				insecure = true;
+			elseif (opts.checkcert == nil or opts.checkcert == "when-sni") and not sni_supported then
+				insecure = false;
+			end
 			local function update_list()
 				http.request(url, {
+					insecure = insecure;
 					headers = {
 						["If-None-Match"] = etag;
 					};
prosody-modules