Changeset

3571:675d65036f31

certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls
author Matthew Wild <mwild1@gmail.com>
date Sat, 06 Nov 2010 18:28:15 +0000
parents 3570:6ef68af9431c
children 3572:fb7fc154a56a
files core/certmanager.lua core/hostmanager.lua plugins/mod_tls.lua
diffstat 3 files changed, 14 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/core/certmanager.lua	Sat Nov 06 03:46:19 2010 +0500
+++ b/core/certmanager.lua	Sat Nov 06 18:28:15 2010 +0000
@@ -23,8 +23,8 @@
 local default_ssl_config = configmanager.get("*", "core", "ssl");
 local default_capath = "/etc/ssl/certs";
 
-function create_context(host, mode, config)
-	local user_ssl_config = config and config.core.ssl or default_ssl_config;
+function create_context(host, mode, user_ssl_config)
+	user_ssl_config = user_ssl_config or default_ssl_config;
 
 	if not ssl then return nil, "LuaSec (required for encryption) was not found"; end
 	if not user_ssl_config then return nil, "No SSL/TLS configuration present for "..host; end
--- a/core/hostmanager.lua	Sat Nov 06 03:46:19 2010 +0500
+++ b/core/hostmanager.lua	Sat Nov 06 18:28:15 2010 +0000
@@ -6,9 +6,6 @@
 -- COPYING file in the source package for more information.
 --
 
-local ssl = ssl
-
-local certmanager = require "core.certmanager";
 local configmanager = require "core.configmanager";
 local modulemanager = require "core.modulemanager";
 local events_new = require "util.events".new;
@@ -65,9 +62,6 @@
 		end
 	end
 	
-	hosts[host].ssl_ctx = certmanager.create_context(host, "client", host_config); -- for outgoing connections
-	hosts[host].ssl_ctx_in = certmanager.create_context(host, "server", host_config); -- for incoming connections
-	
 	log((hosts_loaded_once and "info") or "debug", "Activated host: %s", host);
 	prosody_events.fire_event("host-activated", host, host_config);
 end
--- a/plugins/mod_tls.lua	Sat Nov 06 03:46:19 2010 +0500
+++ b/plugins/mod_tls.lua	Sat Nov 06 18:28:15 2010 +0000
@@ -6,6 +6,7 @@
 -- COPYING file in the source package for more information.
 --
 
+local create_context = require "core.certmanager".create_context;
 local st = require "util.stanza";
 
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
@@ -87,3 +88,14 @@
 	session.secure = false;
 	return true;
 end);
+
+function module.load()
+	local ssl_config = module:get_option("ssl");
+	host.ssl_ctx = create_context(host, "client", ssl_config); -- for outgoing connections
+	host.ssl_ctx_in = create_context(host, "server", ssl_config); -- for incoming connections
+end
+
+function module.unload()
+	host.ssl_ctx = nil;
+	host.ssl_ctx_in = nil;
+end