
core/portmanager.lua @ 11596:f6f1b50cbedf

core.portmanager: Factor out base TLS context creation for reuse

Thinking I can use this to reload certificates after config reload
author Kim Alvefur <zash@zash.se>
date Thu, 10 Jun 2021 15:21:07 +0200
parent 11590:5aafb832c91b
child 11597:7e1ca18fdfb3
11595:8985efc6792d 11596:f6f1b50cbedf
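--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -63,10 +63,24 @@
 		friendly_message = "Prosody does not have sufficient privileges to use this port";
 	end
 	return friendly_message;
 end
 
+local function get_port_ssl_ctx(port, interface, config_prefix, service_info)
+	local global_ssl_config = config.get("*", "ssl") or {};
+	local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config;
+	log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port);
+	local ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server",
+		prefix_ssl_config[interface],
+		prefix_ssl_config[port],
+		prefix_ssl_config,
+		service_info.ssl_config or {},
+		global_ssl_config[interface],
+		global_ssl_config[port]);
+	return ssl, cfg, err;
+end
+
 --- Public API
 
 local function activate(service_name)
 	local service_info = services[service_name][1];
 	if not service_info then
@@ -109,20 +123,11 @@
 					active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");
 			else
 				local ssl, cfg, err;
 				-- Create SSL context for this service/port
 				if service_info.encryption == "ssl" then
-					local global_ssl_config = config.get("*", "ssl") or {};
-					local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config;
-					log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port);
-					ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server",
-						prefix_ssl_config[interface],
-						prefix_ssl_config[port],
-						prefix_ssl_config,
-						service_info.ssl_config or {},
-						global_ssl_config[interface],
-						global_ssl_config[port]);
+					ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info);
 					if not ssl then
 						log("error", "Error binding encrypted port for %s: %s", service_info.name,
 							error_to_friendly_message(service_name, port_number, err) or "unknown error");
 					end
 				end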
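Review bot: The new get_port_ssl_ctx helper swaps certmanager.create_context's `ssl, err, cfg` results into `ssl, cfg, err` on its last line with no comment, so a reader reconciling the two signatures later can easily "correct" one side and end up passing the resolved config table as err into error_to_friendly_message at the call site. Add a doc block above the helper along the lines of `--- Build the direct-TLS context for one service port from the prefixed and global "ssl" config sections.` followed by `-- Returns ssl_ctx, resolved_cfg, err -- note the (cfg, err) order is deliberately the reverse of certmanager.create_context's (err, cfg).` The helper also receives `port` while the error path right beside the call uses `port_number`; if those can differ in type (ports given as strings in the config — not visible in this section), the `prefix_ssl_config[port]` and `global_ssl_config[port]` lookups are keyed by whichever form the caller passes, which is worth stating in the doc block's @param port. activate() continues past the end of this section.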