
plugins/mod_tls.lua @ 6296:66fb7b7c668d

mod_tls: Simplify and use new ssl config merging in certmanager
author Kim Alvefur <zash@zash.se>
date Thu, 03 Jul 2014 15:35:45 +0200
parent 5993:ef11b8bab405
child 6302:76699a0ae4c4
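--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -4,11 +4,10 @@
 --
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
 
-local config = require "core.configmanager";
 local create_context = require "core.certmanager".create_context;
 local st = require "util.stanza";
 
 local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
 local s2s_require_encryption = module:get_option("s2s_require_encryption");
@@ -32,27 +31,30 @@
 local hosts = prosody.hosts;
 local host = hosts[module.host];
 
 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
 do
-local function get_ssl_cfg(typ)
-local cfg_key = (typ and typ.."_" or "").."ssl";
-local ssl_config = config.rawget(module.host, cfg_key);
-if not ssl_config then
-local base_host = module.host:match("%.(.*)");
-ssl_config = config.get(base_host, cfg_key);
-end
-return ssl_config or typ and get_ssl_cfg();
-end
+local NULL, err = {};
+local global = module:context("*");
+local parent = module:context(module.host:match("%.(.*)$"));
 
-local ssl_config, err = get_ssl_cfg("c2s");
-ssl_ctx_c2s, err = create_context(host.host, "server", ssl_config); -- for incoming client connections
+local parent_ssl = parent:get_option("ssl");
+local host_ssl = module:get_option("ssl", parent_ssl);
+
+local global_c2s = global:get_option("c2s_ssl", NULL);
+local parent_c2s = parent:get_option("c2s_ssl", NULL);
+local host_c2s = module:get_option("c2s_ssl", parent_c2s);
+
+local global_s2s = global:get_option("s2s_ssl", NULL);
+local parent_s2s = parent:get_option("s2s_ssl", NULL);
+local host_s2s = module:get_option("s2s_ssl", parent_s2s);
+
+ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
 if err then module:log("error", "Error creating context for c2s: %s", err); end
 
-ssl_config = get_ssl_cfg("s2s");
-ssl_ctx_s2sin, err = create_context(host.host, "server", ssl_config); -- for incoming server connections
-ssl_ctx_s2sout = create_context(host.host, "client", ssl_config); -- for outgoing server connections
+ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
+ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
 if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue
 end
 
 local function can_do_tls(session)
 if not session.conn.starttls then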
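Review bot: The `ssl_ctx_s2sout` assignment still discards the second return value of `create_context`, so an error that affects only the "client" context is never logged and the following `if err` reports the s2sin result alone. Capturing it separately would make a missing outgoing context visible, e.g. `local err_out; ssl_ctx_s2sout, err_out = create_context(host.host, "client", host_s2s, host_ssl, global_s2s);` followed by `if err or err_out then module:log("error", "Error creating context for s2s: %s", err or err_out); end`. What the module does with a nil context when `c2s_require_encryption` or `s2s_require_encryption` is set lies outside the visible lines, so that fail-closed path is worth confirming. The argument order `host_c2s, host_ssl, global_c2s` also deserves a comment such as `-- precedence: per-type host/parent option, then the generic "ssl" option, then the global per-type option`, assuming certmanager lets earlier arguments win; with that order a globally hardened `c2s_ssl` or `s2s_ssl` would be overridden field by field by a host's generic `ssl` block.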