# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1575066254 -3600
# Node ID fbeb7a3fc4ebec123c1d384a3d9e2f2269507ef9
# Parent 9af6ab2623b0e239a85b43f5f178590bd6a873c0
core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support)
diff -r 9af6ab2623b0 -r fbeb7a3fc4eb core/certmanager.lua
--- a/core/certmanager.lua Fri Nov 29 23:22:29 2019 +0100
+++ b/core/certmanager.lua Fri Nov 29 23:24:14 2019 +0100
@@ -252,4 +252,5 @@
 create_context = create_context;
 reload_ssl_config = reload_ssl_config;
 find_cert = find_cert;
+ find_host_cert = find_host_cert;
 };
diff -r 9af6ab2623b0 -r fbeb7a3fc4eb core/portmanager.lua
--- a/core/portmanager.lua Fri Nov 29 23:22:29 2019 +0100
+++ b/core/portmanager.lua Fri Nov 29 23:24:14 2019 +0100
@@ -230,19 +230,14 @@
 -- Event handlers
 local function add_sni_host(host, service)
- -- local global_ssl_config = config.get(host, "ssl") or {};
 for name, interface, port, n, active_service --luacheck: ignore 213
 in active_services:iter(service, nil, nil, nil) do
 if active_service.server.hosts and active_service.tls_cfg then
- -- local config_prefix = (active_service.config_prefix or name).."_";
- -- if config_prefix == "_" then
- -- config_prefix = "";
- -- end
- -- local prefix_ssl_config = config.get(host, config_prefix.."ssl") or global_ssl_config;
- -- FIXME only global 'ssl' settings are mixed in here
- -- TODO per host and per service settings should be merged in,
- -- without overriding the per-host certificate
- local ssl, err, cfg = certmanager.create_context(host, "server");
+ local config_prefix = (active_service.config_prefix or name).."_";
+ if config_prefix == "_" then config_prefix = ""; end
+ local prefix_ssl_config = config.get(host, config_prefix.."ssl");
+ local autocert = certmanager.find_host_cert(host);
+ local ssl, err, cfg = certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg);
 if ssl then
 active_service.server.hosts[host] = ssl;
 else
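Review bot: The new `certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg)` call in `add_sni_host` relies entirely on argument order to decide which certificate and TLS options an SNI host ends up with, and nothing at the call site says which layer wins. The removed TODO asked that per-service settings be merged in "without overriding the per-host certificate"; whether `active_service.tls_cfg` can displace the result of `find_host_cert(host)` is decided inside `create_context`, which this hunk does not show. A comment above the call would make that reviewable, for example `-- precedence, highest first: per-host <prefix>ssl, per-host certificate, service tls_cfg`, adjusted to the order `create_context` really applies. It is also worth confirming what `find_host_cert` returns when no certificate exists for `host`, since the SNI context would then presumably be built from the service-level certificate alone. The body of `add_sni_host` continues past the end of the hunk.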