Diff

net/server_epoll.lua @ 9309:33d500c25d76

net.server_epoll: Refactor Direct TLS assumptions outwards The assumption that connections are "Direct TLS" when a TLS context is supplided should be broken. The goal is to make it easy to add a new API that can be given a TLS context at creation even if it should do STARTTLS. With this commit, only the exposed server_select-compatible API assumes Direct TLS when a TLS context is included.
author Kim Alvefur <zash@zash.se>
date Thu, 13 Sep 2018 20:37:43 +0200
parent 9306:35c128b42509
child 9310:2d2d4c293efa
line wrap: on
line diff
--- a/net/server_epoll.lua	Thu Sep 13 16:45:18 2018 +0100
+++ b/net/server_epoll.lua	Thu Sep 13 20:37:43 2018 +0200
@@ -454,7 +454,6 @@
 		self.onreadable = nil;
 		self._tls = true;
 		self:on("status", "ssl-handshake-complete");
-		self.init = nil; -- Restore default method
 		self:init();
 	elseif err == "wantread" then
 		log("debug", "TLS handshake on %s to wait until readable", self);
@@ -489,9 +488,6 @@
 	if client.getsockname then
 		conn.sockname, conn.sockport = client:getsockname();
 	end
-	if tls_ctx then
-		conn.init = interface.starttls;
-	end
 	return conn;
 end
 
@@ -504,9 +500,13 @@
 		self:pausefor(cfg.accept_retry_interval);
 		return;
 	end
-	local client = wrapsocket(conn, self, nil, self.listeners, self.tls_ctx);
+	local client = wrapsocket(conn, self, nil, self.listeners);
 	log("debug", "New connection %s", tostring(client));
-	client:init();
+	if self.tls_direct then
+		client:starttls(self.tls_ctx);
+	else
+		client:init();
+	end
 end
 
 -- Initialization
@@ -559,6 +559,7 @@
 		_pattern = pattern;
 		onreadable = interface.onacceptable;
 		tls_ctx = tls_ctx;
+		tls_direct = tls_ctx and true or false;
 		sockname = addr;
 		sockport = port;
 	}, interface_mt);
@@ -572,7 +573,11 @@
 	if not client.peername then
 		client.peername, client.peerport = addr, port;
 	end
-	client:init();
+	if tls_ctx then
+		client:starttls(tls_ctx);
+	else
+		client:init();
+	end
 	return client;
 end
 
@@ -583,7 +588,11 @@
 	conn:settimeout(0);
 	conn:connect(addr, port);
 	local client = wrapsocket(conn, nil, pattern, listeners, tls_ctx)
-	client:init();
+	if tls_ctx then
+		client:starttls(tls_ctx);
+	else
+		client:init();
+	end
 	return client, conn;
 end