core/portmanager.lua @ 9849:70e56f126177
core.portmanager: Collect per-host certificates for SNI
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 14 Sep 2018 01:30:56 +0200 |
| parent | 9848:b923053e69ba |
| child | 9975:ca01c449357f |
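--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -8,10 +8,11 @@
 local set = require "util.set";
 
 local table = table;
 local setmetatable, rawset, rawget = setmetatable, rawset, rawget;
 local type, tonumber, tostring, ipairs = type, tonumber, tostring, ipairs;
+local pairs = pairs;
 
 local prosody = prosody;
 local fire_event = prosody.events.fire_event;
 
 local _ENV = nil;
@@ -225,17 +226,57 @@
 return services;
 end
 
 -- Event handlers
 
+local function add_sni_host(host, service)
+-- local global_ssl_config = config.get(host, "ssl") or {};
+for name, interface, port, n, active_service --luacheck: ignore 213
+in active_services:iter(service, nil, nil, nil) do
+if active_service.server.hosts and active_service.tls_cfg then
+-- local config_prefix = (active_service.config_prefix or name).."_";
+-- if config_prefix == "_" then
+-- config_prefix = "";
+-- end
+-- local prefix_ssl_config = config.get(host, config_prefix.."ssl") or global_ssl_config;
+-- FIXME only global 'ssl' settings are mixed in here
+-- TODO per host and per service settings should be merged in,
+-- without overriding the per-host certificate
+local ssl, err, cfg = certmanager.create_context(host, "server");
+if ssl then
+active_service.server.hosts[host] = ssl;
+if not active_service.tls_cfg.certificate then
+active_service.server.tls_ctx = ssl;
+active_service.tls_cfg = cfg;
+end
+else
+log("error", "err = %q", err);
+end
+end
+end
+end
+
 prosody.events.add_handler("item-added/net-provider", function (event)
 local item = event.item;
 register_service(item.name, item);
+for host in pairs(prosody.hosts) do
+add_sni_host(host, item.name);
+end
 end);
 prosody.events.add_handler("item-removed/net-provider", function (event)
 local item = event.item;
 unregister_service(item.name, item);
+end);
+
+prosody.events.add_handler("host-activated", add_sni_host);
+prosody.events.add_handler("host-deactivated", function (host)
+for name, interface, port, n, active_service --luacheck: ignore 213
+in active_services:iter(nil, nil, nil, nil) do
+if active_service.tls_cfg then
+active_service.server.hosts[host] = nil;
+end
+end
 end);
 
 return {
 activate = activate;
 deactivate = deactivate;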
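Review bot: The new `host-deactivated` handler writes `active_service.server.hosts[host] = nil` after checking only `active_service.tls_cfg`, whereas `add_sni_host` guards with `active_service.server.hosts and active_service.tls_cfg`. A TLS service whose server object has no `hosts` table would raise on deactivation, so the guard should match: `if active_service.server.hosts and active_service.tls_cfg then`. Separately, when a service has no default certificate, `add_sni_host` promotes the first host's context to `server.tls_ctx` and `tls_cfg`, and nothing visible here resets them on deactivation, so that host's certificate may still be presented to clients that send no SNI name or an unknown one. The failure branch logs only `err = %q`; naming the host, e.g. `log("error", "Error creating TLS context for SNI host %s: %s", host, err);`, would make a missing per-host certificate diagnosable instead of silently falling back to the default context.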