core/portmanager.lua @ 11596:f6f1b50cbedf
core.portmanager: Factor out base TLS context creation for reuse
Thinking I can use this to reload certificates after config reload
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 10 Jun 2021 15:21:07 +0200 |
parent | 11590:5aafb832c91b |
child | 11597:7e1ca18fdfb3 |
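--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -63,10 +63,24 @@
 friendly_message = "Prosody does not have sufficient privileges to use this port";
 end
 return friendly_message;
 end
 
+local function get_port_ssl_ctx(port, interface, config_prefix, service_info)
+local global_ssl_config = config.get("*", "ssl") or {};
+local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config;
+log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port);
+local ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server",
+prefix_ssl_config[interface],
+prefix_ssl_config[port],
+prefix_ssl_config,
+service_info.ssl_config or {},
+global_ssl_config[interface],
+global_ssl_config[port]);
+return ssl, cfg, err;
+end
+
 --- Public API
 
 local function activate(service_name)
 local service_info = services[service_name][1];
 if not service_info then
@@ -109,20 +123,11 @@
 active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");
 else
 local ssl, cfg, err;
 -- Create SSL context for this service/port
 if service_info.encryption == "ssl" then
-local global_ssl_config = config.get("*", "ssl") or {};
-local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config;
-log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port);
-ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server",
-prefix_ssl_config[interface],
-prefix_ssl_config[port],
-prefix_ssl_config,
-service_info.ssl_config or {},
-global_ssl_config[interface],
-global_ssl_config[port]);
+ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info);
 if not ssl then
 log("error", "Error binding encrypted port for %s: %s", service_info.name,
 error_to_friendly_message(service_name, port_number, err) or "unknown error");
 end
 end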
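Review bot: The new get_port_ssl_ctx returns `ssl, cfg, err` while the certmanager.create_context call it wraps yields `ssl, err, cfg` (the local assignment two lines above the return), so a future caller that destructures the helper in certmanager's order would silently swap the error and the effective config, and the function carries no comment saying which order it uses. I would add a header comment above the definition, e.g. `-- Build the server TLS context for a direct-TLS port from the global "ssl" config, the per-prefix "<prefix>ssl" config (falls back to global when absent) and the service's own ssl_config.` followed by `-- Returns ssl_ctx, cfg, err (note: certmanager.create_context returns ssl, err, cfg; the order is deliberately swapped here).` Since the helper calls config.get on every invocation, a later call should presumably see a reloaded ssl/prefix config, which is what the commit message intends; stating that in the comment (`-- Reads the current config on each call, so it can be re-run after a config reload.`) would make the reuse contract explicit. The activate() function that consumes this helper starts and ends outside the hunk.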