core.certmanager: Disable DANE name checks (not needed for XMPP)
Pending https://github.com/brunoos/luasec/pull/179
Should not be done globally, but rather only for s2sout, but that would
have to be in mod_tls then.
--- a/core/certmanager.lua Tue Jan 04 23:16:02 2022 +0100
+++ b/core/certmanager.lua Thu Sep 16 09:52:51 2021 +0200
@@ -251,7 +251,7 @@
"!3DES", -- 3DES - slow and of questionable security
"!aNULL", -- Ciphers that does not authenticate the connection
};
- dane = configmanager.get("*", "use_dane");
+ dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
}
local mozilla_ssl_configs = {