prosody
f855ba7da30e
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 7144:f855ba7da30e
certmanager: Apply global ssl config later so certificate/key is not overwritten by magic
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 05 Feb 2016 15:03:39 +0100 |
| parent | 7140:b19438c2ca1b |
| child | 7145:b1a109858502 |
comparison
equal
deleted
inserted
replaced
| 7140:b19438c2ca1b | 7144:f855ba7da30e |
|---|---|
| 118 end | 118 end |
| 119 | 119 |
| 120 local function create_context(host, mode, ...) | 120 local function create_context(host, mode, ...) |
| 121 local cfg = new_config(); | 121 local cfg = new_config(); |
| 122 cfg:apply(core_defaults); | 122 cfg:apply(core_defaults); |
| 123 cfg:apply(global_ssl_config); | |
| 124 local service_name, port = host:match("^(%w+) port (%d+)$"); | 123 local service_name, port = host:match("^(%w+) port (%d+)$"); |
| 125 if service_name then | 124 if service_name then |
| 126 cfg:apply(find_service_cert(service_name, tonumber(port))); | 125 cfg:apply(find_service_cert(service_name, tonumber(port))); |
| 127 else | 126 else |
| 128 cfg:apply(find_host_cert(host)); | 127 cfg:apply(find_host_cert(host)); |
| 130 cfg:apply({ | 129 cfg:apply({ |
| 131 mode = mode, | 130 mode = mode, |
| 132 -- We can't read the password interactively when daemonized | 131 -- We can't read the password interactively when daemonized |
| 133 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; | 132 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; |
| 134 }); | 133 }); |
| 134 cfg:apply(global_ssl_config); | |
| 135 | 135 |
| 136 for i = select('#', ...), 1, -1 do | 136 for i = select('#', ...), 1, -1 do |
| 137 cfg:apply(select(i, ...)); | 137 cfg:apply(select(i, ...)); |
| 138 end | 138 end |
| 139 local user_ssl_config = cfg:final(); | 139 local user_ssl_config = cfg:final(); |
