Changeset
3571:675d65036f31
certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sat, 06 Nov 2010 18:28:15 +0000 |
parents | 3570:6ef68af9431c |
children | 3572:fb7fc154a56a |
files | core/certmanager.lua core/hostmanager.lua plugins/mod_tls.lua |
diffstat | 3 files changed, 14 insertions(+), 8 deletions(-) [+] |
--- a/core/certmanager.lua Sat Nov 06 03:46:19 2010 +0500
+++ b/core/certmanager.lua Sat Nov 06 18:28:15 2010 +0000
@@ -23,8 +23,8 @@
 local default_ssl_config = configmanager.get("*", "core", "ssl");
 local default_capath = "/etc/ssl/certs";
-function create_context(host, mode, config)
- local user_ssl_config = config and config.core.ssl or default_ssl_config;
+function create_context(host, mode, user_ssl_config)
+ user_ssl_config = user_ssl_config or default_ssl_config;
 if not ssl then return nil, "LuaSec (required for encryption) was not found"; end
 if not user_ssl_config then return nil, "No SSL/TLS configuration present for "..host; end
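Review bot: The fallback on the added line `user_ssl_config = user_ssl_config or default_ssl_config;` still relies on `default_ssl_config`, which the context line above the function shows being read once through `configmanager.get("*", "core", "ssl")`, apparently when certmanager is loaded. If that is the case, reloading mod_tls after a configuration change keeps building contexts from the stale global settings (old certificate or key paths) for any host that has no `ssl` option of its own. Reading the default at call time, for example `user_ssl_config = user_ssl_config or configmanager.get("*", "core", "ssl");`, would avoid that. A short comment stating that the third argument is now the `ssl` option table rather than the whole host config would also help any caller still passing the old shape. The body of create_context continues past this hunk, so other uses of `default_ssl_config` are not visible here.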
--- a/core/hostmanager.lua Sat Nov 06 03:46:19 2010 +0500
+++ b/core/hostmanager.lua Sat Nov 06 18:28:15 2010 +0000
@@ -6,9 +6,6 @@
 -- COPYING file in the source package for more information.
 --
-local ssl = ssl
-
-local certmanager = require "core.certmanager";
 local configmanager = require "core.configmanager";
 local modulemanager = require "core.modulemanager";
 local events_new = require "util.events".new;
@@ -65,9 +62,6 @@
 end
 end
- hosts[host].ssl_ctx = certmanager.create_context(host, "client", host_config); -- for outgoing connections
- hosts[host].ssl_ctx_in = certmanager.create_context(host, "server", host_config); -- for incoming connections
-
 log((hosts_loaded_once and "info") or "debug", "Activated host: %s", host);
 prosody_events.fire_event("host-activated", host, host_config);
 end
--- a/plugins/mod_tls.lua Sat Nov 06 03:46:19 2010 +0500
+++ b/plugins/mod_tls.lua Sat Nov 06 18:28:15 2010 +0000
@@ -6,6 +6,7 @@
 -- COPYING file in the source package for more information.
 --
+local create_context = require "core.certmanager".create_context;
 local st = require "util.stanza";
 local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
@@ -87,3 +88,14 @@
 session.secure = false;
 return true;
 end);
+
+function module.load()
+ local ssl_config = module:get_option("ssl");
+ host.ssl_ctx = create_context(host, "client", ssl_config); -- for outgoing connections
+ host.ssl_ctx_in = create_context(host, "server", ssl_config); -- for incoming connections
+end
+
+function module.unload()
+ host.ssl_ctx = nil;
+ host.ssl_ctx_in = nil;
+end
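Review bot: In the added `module.load`, `host` is passed as the first argument to `create_context` while the same hunk assigns `host.ssl_ctx`, so it appears to be the host table rather than the hostname. The failure path in certmanager builds `"No SSL/TLS configuration present for "..host`, which would raise on a table instead of returning the error. The second return value of `create_context` is also discarded, so a missing LuaSec or an unusable `ssl` option leaves both contexts nil with no log entry, and the host quietly stops offering TLS after a reload. Passing `module.host` and logging the returned error would make that failure visible to the operator. The definition of `host` lies outside this hunk, so the first point should be confirmed against the top of the file.

```lua
function module.load()
	local ssl_config = module:get_option("ssl");
	local err_out, err_in;
	host.ssl_ctx, err_out = create_context(module.host, "client", ssl_config); -- for outgoing connections
	host.ssl_ctx_in, err_in = create_context(module.host, "server", ssl_config); -- for incoming connections
	if not (host.ssl_ctx and host.ssl_ctx_in) then
		module:log("error", "TLS is unavailable for %s: %s", module.host, tostring(err_out or err_in));
	end
end
-- … unchanged: module.unload …
```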