prosody
0033b021038f
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 6294:0033b021038f
core.certmanager: Make create_context() support an arbitrary number of option sets, merging all
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 03 Jul 2014 15:32:26 +0200 |
| parent | 6293:851fb5e9fa0c |
| child | 6501:71b6e8b48a12 |
comparison
equal
deleted
inserted
replaced
| 6293:851fb5e9fa0c | 6294:0033b021038f |
|---|---|
| 14 | 14 |
| 15 local tostring = tostring; | 15 local tostring = tostring; |
| 16 local pairs = pairs; | 16 local pairs = pairs; |
| 17 local type = type; | 17 local type = type; |
| 18 local io_open = io.open; | 18 local io_open = io.open; |
| 19 local select = select; | |
| 19 | 20 |
| 20 local prosody = prosody; | 21 local prosody = prosody; |
| 21 local resolve_path = require"util.paths".resolve_relative_path; | 22 local resolve_path = require"util.paths".resolve_relative_path; |
| 22 local config_path = prosody.paths.config; | 23 local config_path = prosody.paths.config; |
| 23 | 24 |
| 60 for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix | 61 for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix |
| 61 core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6); | 62 core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6); |
| 62 end | 63 end |
| 63 end | 64 end |
| 64 | 65 |
| 65 function create_context(host, mode, user_ssl_config) | 66 function create_context(host, mode, ...) |
| 66 if not ssl then return nil, "LuaSec (required for encryption) was not found"; end | 67 if not ssl then return nil, "LuaSec (required for encryption) was not found"; end |
| 67 | 68 |
| 68 local cfg = new_config(); | 69 local cfg = new_config(); |
| 69 cfg:apply(core_defaults); | 70 cfg:apply(core_defaults); |
| 70 cfg:apply(global_ssl_config); | 71 cfg:apply(global_ssl_config); |
| 71 cfg:apply({ | 72 cfg:apply({ |
| 72 mode = mode, | 73 mode = mode, |
| 73 -- We can't read the password interactively when daemonized | 74 -- We can't read the password interactively when daemonized |
| 74 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; | 75 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; |
| 75 }); | 76 }); |
| 76 cfg:apply(user_ssl_config); | |
| 77 | 77 |
| 78 user_ssl_config = cfg:final(); | 78 for i = select('#', ...), 1, -1 do |
| 79 cfg:apply(select(i, ...)); | |
| 80 end | |
| 81 local user_ssl_config = cfg:final(); | |
| 79 | 82 |
| 80 if mode == "server" then | 83 if mode == "server" then |
| 81 if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end | 84 if not user_ssl_config.key then return nil, "No key present in SSL/TLS configuration for "..host; end |
| 82 if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end | 85 if not user_ssl_config.certificate then return nil, "No certificate present in SSL/TLS configuration for "..host; end |
| 83 end | 86 end |
