Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
core.certmanager: Disable DANE name checks (not needed for XMPP)
authorKim Alvefur <zash@zash.se>
Thu, 16 Sep 2021 09:52:51 +0200
changeset 12154 653a48b5a25b
parent 12153 bbbf0dd90b6d
child 12155 669d93f1db6a
core.certmanager: Disable DANE name checks (not needed for XMPP) Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then.
core/certmanager.lua file | annotate | diff | comparison | revisions 
--- a/core/certmanager.lua	Tue Jan 04 23:16:02 2022 +0100
+++ b/core/certmanager.lua	Thu Sep 16 09:52:51 2021 +0200
@@ -251,7 +251,7 @@
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
-	dane = configmanager.get("*", "use_dane");
+	dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
 }
 
 local mozilla_ssl_configs = {
prosody