prosody
b877533d4ec9
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 2554:b877533d4ec9
certmanager: Hello world, I'm come to manage your SSL contexts
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 31 Jan 2010 17:22:59 +0000 |
| child | 2563:1ede33f50ab4 |
comparison
equal
deleted
inserted
replaced
| 2553:c3afa1e02e8f | 2554:b877533d4ec9 |
|---|---|
| 1 local configmanager = require "core.configmanager"; | |
| 2 local ssl = ssl; | |
| 3 local ssl_newcontext = ssl.newcontext; | |
| 4 | |
| 5 local setmetatable = setmetatable; | |
| 6 | |
| 7 local prosody = prosody; | |
| 8 | |
| 9 module "certmanager" | |
| 10 | |
| 11 -- These are the defaults if not overridden in the config | |
| 12 local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; | |
| 13 local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; | |
| 14 | |
| 15 local default_ssl_ctx_mt = { __index = default_ssl_ctx }; | |
| 16 local default_ssl_ctx_in_mt = { __index = default_ssl_ctx_in }; | |
| 17 | |
| 18 -- Global SSL options if not overridden per-host | |
| 19 local default_ssl_config = configmanager.get("*", "core", "ssl"); | |
| 20 | |
| 21 function get_context(host, mode, config) | |
| 22 local ssl_config = config and config.core.ssl or default_ssl_config; | |
| 23 if ssl and ssl_config then | |
| 24 return ssl_newcontext(setmetatable(ssl_config, mode == "client" and default_ssl_ctx_mt or default_ssl_ctx_in_mt)); | |
| 25 end | |
| 26 return nil; | |
| 27 end | |
| 28 | |
| 29 function reload_ssl_config() | |
| 30 default_ssl_config = config.get("*", "core", "ssl"); | |
| 31 end | |
| 32 | |
| 33 prosody.events.add_handler("config-reloaded", reload_ssl_config); | |
| 34 | |
| 35 return _M; |
