Software `/` code `/` prosody

Annotate

core/certmanager.lua @ 5684:5554029d759b

certmanager: Overhaul of how ssl configs are built.

author	Kim Alvefur <zash@zash.se>
date	Thu, 13 Jun 2013 17:44:42 +0200
parent	5679:51f7de1b6bb5
child	5746:3137751751b4

rev	line source
3369 9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	1 -- Prosody IM
9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	2 -- Copyright (C) 2008-2010 Matthew Wild
9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	3 -- Copyright (C) 2008-2010 Waqas Hussain
9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	4 --
9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	5 -- This project is MIT/X11 licensed. Please see the
9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	6 -- COPYING file in the source package for more information.
9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	7 --
9a96969d4670 certmanager: Added copyright header. Waqas Hussain <waqas20@gmail.com> parents: 3368 diff changeset	8
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	9 local configmanager = require "core.configmanager";
2630 e8fc67b73820 certmanager: Bring back the friendly errors when failing to load the key/certificate file Matthew Wild <mwild1@gmail.com> parents: 2564 diff changeset	10 local log = require "util.logger".init("certmanager");
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	11 local ssl = ssl;
2564 6b4fe320a6ea certmanager: Fix traceback with no LuaSec Matthew Wild <mwild1@gmail.com> parents: 2563 diff changeset	12 local ssl_newcontext = ssl and ssl.newcontext;
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	13
4992 e79e4d1f75de certmanager: Remove unused import of setmetatable Matthew Wild <mwild1@gmail.com> parents: 4991 diff changeset	14 local tostring = tostring;
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	15 local pairs = pairs;
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	16
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	17 local prosody = prosody;
3609 954b1159f2f3 prosody, configmanager, certmanager: Relocate prosody.resolve_relative_path() to configmanager, and update certmanager (the only user of this function) Matthew Wild <mwild1@gmail.com> parents: 3571 diff changeset	18 local resolve_path = configmanager.resolve_relative_path;
3402 dfc369314e53 prosody.resolve_relative_path: Updated to take a parent path to resolve against. Waqas Hussain <waqas20@gmail.com> parents: 3400 diff changeset	19 local config_path = prosody.paths.config;
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	20
5621 63cfd59999b6 certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) Matthew Wild <mwild1@gmail.com> parents: 5377 diff changeset	21 local luasec_has_noticket, luasec_has_verifyext, luasec_has_no_compression;
4991 bcbfcec620ac certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) Matthew Wild <mwild1@gmail.com> parents: 4990 diff changeset	22 if ssl then
bcbfcec620ac certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) Matthew Wild <mwild1@gmail.com> parents: 4990 diff changeset	23 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
bcbfcec620ac certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) Matthew Wild <mwild1@gmail.com> parents: 4990 diff changeset	24 luasec_has_noticket = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=4;
5282 4cd57cb49f99 core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg Kim Alvefur <zash@zash.se> parents: 4992 diff changeset	25 luasec_has_verifyext = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5;
5621 63cfd59999b6 certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) Matthew Wild <mwild1@gmail.com> parents: 5377 diff changeset	26 luasec_has_no_compression = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5;
4991 bcbfcec620ac certmanager: Fix for traceback WITH LuaSec... (!) (thanks IRON) Matthew Wild <mwild1@gmail.com> parents: 4990 diff changeset	27 end
4899 0b8134015635 certmanager: Don't use no_ticket option before LuaSec 0.4 Matthew Wild <mwild1@gmail.com> parents: 4890 diff changeset	28
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	29 module "certmanager"
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	30
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	31 -- Global SSL options if not overridden per-host
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	32 local global_ssl_config = configmanager.get("*", "ssl");
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	33
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	34 local core_defaults = {
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	35 capath = "/etc/ssl/certs";
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	36 protocol = "sslv23";
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	37 verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	38 options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	39 verifyext = { "lsec_continue", "lsec_ignore_purpose" };
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	40 curve = "secp384r1";
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	41 }
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	42 local path_options = { -- These we pass through resolve_path()
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	43 key = true, certificate = true, cafile = true, capath = true
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	44 }
5282 4cd57cb49f99 core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg Kim Alvefur <zash@zash.se> parents: 4992 diff changeset	45
5287 676a1a032d2f certmanager: Fix nil index if no LuaSec available Kim Alvefur <zash@zash.se> parents: 5282 diff changeset	46 if ssl and not luasec_has_verifyext and ssl.x509 then
5282 4cd57cb49f99 core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg Kim Alvefur <zash@zash.se> parents: 4992 diff changeset	47 -- COMPAT mw/luasec-hg
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	48 for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	49 core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6);
5282 4cd57cb49f99 core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg Kim Alvefur <zash@zash.se> parents: 4992 diff changeset	50 end
4cd57cb49f99 core.certmanager: Add support for LuaSec 0.5. Also compat with MattJs luasec-hg Kim Alvefur <zash@zash.se> parents: 4992 diff changeset	51 end
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	52
5621 63cfd59999b6 certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x) Matthew Wild <mwild1@gmail.com> parents: 5377 diff changeset	53 if luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true then
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	54 core_defaults.options[#core_defaults.options+1] = "no_compression";
5678 b7ebeae14053 certmanager: Add single_dh_use and single_ecdh_use to default options Matthew Wild <mwild1@gmail.com> parents: 5676 diff changeset	55 end
b7ebeae14053 certmanager: Add single_dh_use and single_ecdh_use to default options Matthew Wild <mwild1@gmail.com> parents: 5676 diff changeset	56
3571 675d65036f31 certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls Matthew Wild <mwild1@gmail.com> parents: 3540 diff changeset	57 function create_context(host, mode, user_ssl_config)
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	58 user_ssl_config = user_ssl_config or {}
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	59 user_ssl_config.mode = mode;
3370 7c87af1c9a68 certmanager: Fix to handle the case of no SSL configuration at all Matthew Wild <mwild1@gmail.com> parents: 3369 diff changeset	60
3400 502a634f0578 Merge 0.7->trunk Matthew Wild <mwild1@gmail.com> parents: 3372 3399 diff changeset	61 if not ssl then return nil, "LuaSec (required for encryption) was not found"; end
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	62
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	63 if global_ssl_config then
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	64 for option,default_value in pairs(global_ssl_config) do
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	65 if not user_ssl_config[option] then
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	66 user_ssl_config[option] = default_value;
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	67 end
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	68 end
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	69 end
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	70 for option,default_value in pairs(core_defaults) do
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	71 if not user_ssl_config[option] then
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	72 user_ssl_config[option] = default_value;
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	73 end
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	74 end
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	75 user_ssl_config.password = user_ssl_config.password or function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	76 for option in pairs(path_options) do
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	77 user_ssl_config[option] = user_ssl_config[option] and resolve_path(config_path, user_ssl_config[option]);
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	78 end
5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	79
5656 576488cffc3a certmanager: Complain if key or certificate is missing from SSL config. Kim Alvefur <zash@zash.se> parents: 5621 diff changeset	80 if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end
576488cffc3a certmanager: Complain if key or certificate is missing from SSL config. Kim Alvefur <zash@zash.se> parents: 5621 diff changeset	81 if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end
3355 9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	82
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	83 local ctx, err = ssl_newcontext(user_ssl_config);
4359 c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	84
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	85 -- COMPAT Older LuaSec ignores the cipher list from the config, so we have to take care
4359 c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	86 -- of it ourselves (W/A for #x)
c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	87 if ctx and user_ssl_config.ciphers then
c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	88 local success;
c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	89 success, err = ssl.context.setcipher(ctx, user_ssl_config.ciphers);
c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	90 if not success then ctx = nil; end
c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	91 end
c69cbac4178f certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option. Waqas Hussain <waqas20@gmail.com> parents: 3670 diff changeset	92
3355 9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	93 if not ctx then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	94 err = err or "invalid ssl config"
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	95 local file = err:match("^error loading (.-) %(");
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	96 if file then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	97 if file == "private key" then
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	98 file = user_ssl_config.key or "your private key";
3355 9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	99 elseif file == "certificate" then
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	100 file = user_ssl_config.certificate or "your certificate file";
3355 9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	101 end
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	102 local reason = err:match("%((.+)%)$") or "some reason";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	103 if reason == "Permission denied" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	104 reason = "Check that the permissions allow Prosody to read this file.";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	105 elseif reason == "No such file or directory" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	106 reason = "Check that the path is correct, and the file exists.";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	107 elseif reason == "system lib" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	108 reason = "Previous error (see logs), or other system error.";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	109 elseif reason == "(null)" or not reason then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	110 reason = "Check that the file exists and the permissions are correct";
2630 e8fc67b73820 certmanager: Bring back the friendly errors when failing to load the key/certificate file Matthew Wild <mwild1@gmail.com> parents: 2564 diff changeset	111 else
3355 9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	112 reason = "Reason: "..tostring(reason):lower();
2630 e8fc67b73820 certmanager: Bring back the friendly errors when failing to load the key/certificate file Matthew Wild <mwild1@gmail.com> parents: 2564 diff changeset	113 end
4925 55f6e0673e33 certmanager: Add quotes around cert file path when logging. Waqas Hussain <waqas20@gmail.com> parents: 4900 diff changeset	114 log("error", "SSL/TLS: Failed to load '%s': %s (for %s)", file, reason, host);
3355 9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	115 else
4855 a31ea431d906 certmanager: Adjust error messages to be non-specific about 'host' (so we can specify a service name instead ffor SSL) Matthew Wild <mwild1@gmail.com> parents: 4656 diff changeset	116 log("error", "SSL/TLS: Error initialising for %s: %s", host, err);
3355 9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147 Matthew Wild <mwild1@gmail.com> parents: 2739 diff changeset	117 end
3540 bc139431830b Monster whitespace commit (beware the whitespace monster). Waqas Hussain <waqas20@gmail.com> parents: 3402 diff changeset	118 end
bc139431830b Monster whitespace commit (beware the whitespace monster). Waqas Hussain <waqas20@gmail.com> parents: 3402 diff changeset	119 return ctx, err;
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	120 end
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	121
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	122 function reload_ssl_config()
5684 5554029d759b certmanager: Overhaul of how ssl configs are built. Kim Alvefur <zash@zash.se> parents: 5679 diff changeset	123 global_ssl_config = configmanager.get("*", "ssl");
2554 b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	124 end
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	125
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	126 prosody.events.add_handler("config-reloaded", reload_ssl_config);
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	127
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts Matthew Wild <mwild1@gmail.com> parents: diff changeset	128 return _M;

prosody

5554029d759b

core/certmanager.lua

Software / code / prosody

Annotate

core/certmanager.lua @ 5684:5554029d759b

Software `/` code `/` prosody