
core/portmanager.lua @ 12480:7e9ebdc75ce4

net: isolate LuaSec-specifics For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.
author Jonas Schäfer <jonas@wielicki.name>
date Wed, 27 Apr 2022 17:44:14 +0200
parent 12312:8119a58b3a5c
child 12972:ead41e25ebc0
12478:82270a6b1234 12480:7e9ebdc75ce4
238 238
239 local function add_sni_host(host, service) 239 local function add_sni_host(host, service)
240 log("debug", "Gathering certificates for SNI for host %s, %s service", host, service or "default"); 240 log("debug", "Gathering certificates for SNI for host %s, %s service", host, service or "default");
241 for name, interface, port, n, active_service --luacheck: ignore 213 241 for name, interface, port, n, active_service --luacheck: ignore 213
242 in active_services:iter(service, nil, nil, nil) do 242 in active_services:iter(service, nil, nil, nil) do
243 if active_service.server.hosts and active_service.tls_cfg then 243 if active_service.server and active_service.tls_cfg then
244 local config_prefix = (active_service.config_prefix or name).."_";
245 if config_prefix == "_" then config_prefix = ""; end
246 local prefix_ssl_config = config.get(host, config_prefix.."ssl");
247 local alternate_host = name and config.get(host, name.."_host"); 244 local alternate_host = name and config.get(host, name.."_host");
248 if not alternate_host and name == "https" then 245 if not alternate_host and name == "https" then
249 -- TODO should this be some generic thing? e.g. in the service definition 246 -- TODO should this be some generic thing? e.g. in the service definition
250 alternate_host = config.get(host, "http_host"); 247 alternate_host = config.get(host, "http_host");
251 end 248 end
252 local autocert = certmanager.find_host_cert(alternate_host or host); 249 local autocert = certmanager.find_host_cert(alternate_host or host);
253 -- luacheck: ignore 211/cfg 250 local manualcert = active_service.tls_cfg;
254 local ssl, err, cfg = certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg); 251 local certificate = (autocert and autocert.certificate) or manualcert.certificate;
255 if ssl then 252 local key = (autocert and autocert.key) or manualcert.key;
256 active_service.server.hosts[alternate_host or host] = ssl; 253 local ok, err = active_service.server:sslctx():set_sni_host(
257 else 254 host,
255 certificate,
256 key
257 );
258 if not ok then
258 log("error", "Error creating TLS context for SNI host %s: %s", host, err); 259 log("error", "Error creating TLS context for SNI host %s: %s", host, err);
259 end 260 end
260 end 261 end
261 end 262 end
262 end 263 end
275 prosody.events.add_handler("host-activated", add_sni_host); 276 prosody.events.add_handler("host-activated", add_sni_host);
276 prosody.events.add_handler("host-deactivated", function (host) 277 prosody.events.add_handler("host-deactivated", function (host)
277 for name, interface, port, n, active_service --luacheck: ignore 213 278 for name, interface, port, n, active_service --luacheck: ignore 213
278 in active_services:iter(nil, nil, nil, nil) do 279 in active_services:iter(nil, nil, nil, nil) do
279 if active_service.tls_cfg then 280 if active_service.tls_cfg then
280 active_service.server.hosts[host] = nil; 281 active_service.server:sslctx():remove_sni_host(host)
281 end 282 end
282 end 283 end
283 end); 284 end);
284 285
285 prosody.events.add_handler("config-reloaded", function () 286 prosody.events.add_handler("config-reloaded", function ()
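Review bot: In add_sni_host the certificate is looked up for `alternate_host or host` but `set_sni_host` registers it under plain `host`, so for the https service the certificate chosen for the `http_host` name ends up bound to the XMPP host name rather than the name a client would send in SNI, whereas the removed code keyed `server.hosts` by `alternate_host or host`. If that is deliberate (it does line up with `remove_sni_host(host)` in the deactivation handler) a comment saying so would help; otherwise pass `alternate_host or host` here and mirror it in the removal. Two further points on the same lines: the per-host `<prefix>ssl` config that `create_context` used to receive as `prefix_ssl_config` is no longer consulted, so a host-level `ssl = { certificate = ..., key = ... }` override would now silently fall back to the service's `tls_cfg` certificate, and the two independent `or` fallbacks could pair an autocert certificate with the manual key (or the reverse) should `find_host_cert` ever return a table with only one of the two fields, which `local src = autocert or manualcert` followed by `src.certificate, src.key` avoids. The enclosing add_sni_host function is complete within the first hunk; the config-reloaded handler on the last line continues outside it.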