prosody
5aafb832c91b
core/portmanager.lua
Software / code / prosody
Comparison
core/portmanager.lua @ 11590:5aafb832c91b
core.portmanager: Fix race condition in initialization of SNI cert map
Under some circumstances when hosts and modules are loaded in some
certain order, entries end up missing from the SNI map. This manifests
in e.g. `curl https://localhost:5281/` giving an error about
"unrecognized name".
The `service` argument is `nil` when invoked from the "host-activated"
event, leading it to iterating over every service. And then it would not
be fetching e.g. `http_host` from the config, which explains why https
would sometimes not work due to the missing name entry.
Because when `service` is included, this limits the iteration to
matching entries, while also returning the same value as the `name` loop
variable. Because `name == service when service != nil` we can use name
instead in the body of the loop.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 May 2021 17:09:22 +0200 |
| parent | 11536:fb9bd9fa4356 |
| child | 11596:f6f1b50cbedf |
comparison
equal
deleted
inserted
replaced
| 11589:fb854431d6c4 | 11590:5aafb832c91b |
|---|---|
| 235 in active_services:iter(service, nil, nil, nil) do | 235 in active_services:iter(service, nil, nil, nil) do |
| 236 if active_service.server.hosts and active_service.tls_cfg then | 236 if active_service.server.hosts and active_service.tls_cfg then |
| 237 local config_prefix = (active_service.config_prefix or name).."_"; | 237 local config_prefix = (active_service.config_prefix or name).."_"; |
| 238 if config_prefix == "_" then config_prefix = ""; end | 238 if config_prefix == "_" then config_prefix = ""; end |
| 239 local prefix_ssl_config = config.get(host, config_prefix.."ssl"); | 239 local prefix_ssl_config = config.get(host, config_prefix.."ssl"); |
| 240 local alternate_host = service and config.get(host, service.."_host"); | 240 local alternate_host = name and config.get(host, name.."_host"); |
| 241 if not alternate_host and service == "https" then | 241 if not alternate_host and name == "https" then |
| 242 -- TODO should this be some generic thing? e.g. in the service definition | 242 -- TODO should this be some generic thing? e.g. in the service definition |
| 243 alternate_host = config.get(host, "http_host"); | 243 alternate_host = config.get(host, "http_host"); |
| 244 end | 244 end |
| 245 local autocert = certmanager.find_host_cert(alternate_host or host); | 245 local autocert = certmanager.find_host_cert(alternate_host or host); |
| 246 -- luacheck: ignore 211/cfg | 246 -- luacheck: ignore 211/cfg |
