Changeset
10463:fbeb7a3fc4eb
core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 29 Nov 2019 23:24:14 +0100 |
parents | 10462:9af6ab2623b0 |
children | 10464:8d3acf16c404 |
files | core/certmanager.lua core/portmanager.lua |
diffstat | 2 files changed, 6 insertions(+), 10 deletions(-) [+] |
--- a/core/certmanager.lua Fri Nov 29 23:22:29 2019 +0100
+++ b/core/certmanager.lua Fri Nov 29 23:24:14 2019 +0100
@@ -252,4 +252,5 @@
 create_context = create_context;
 reload_ssl_config = reload_ssl_config;
 find_cert = find_cert;
+ find_host_cert = find_host_cert;
 };
--- a/core/portmanager.lua Fri Nov 29 23:22:29 2019 +0100 +++ b/core/portmanager.lua Fri Nov 29 23:24:14 2019 +0100 @@ -230,19 +230,14 @@ -- Event handlers local function add_sni_host(host, service) - -- local global_ssl_config = config.get(host, "ssl") or {}; for name, interface, port, n, active_service --luacheck: ignore 213 in active_services:iter(service, nil, nil, nil) do if active_service.server.hosts and active_service.tls_cfg then - -- local config_prefix = (active_service.config_prefix or name).."_"; - -- if config_prefix == "_" then - -- config_prefix = ""; - -- end - -- local prefix_ssl_config = config.get(host, config_prefix.."ssl") or global_ssl_config; - -- FIXME only global 'ssl' settings are mixed in here - -- TODO per host and per service settings should be merged in, - -- without overriding the per-host certificate - local ssl, err, cfg = certmanager.create_context(host, "server"); + local config_prefix = (active_service.config_prefix or name).."_"; + if config_prefix == "_" then config_prefix = ""; end + local prefix_ssl_config = config.get(host, config_prefix.."ssl"); + local autocert = certmanager.find_host_cert(host); + local ssl, err, cfg = certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg); if ssl then active_service.server.hosts[host] = ssl; else
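Review bot: The precedence between `prefix_ssl_config`, `autocert` and `active_service.tls_cfg` in the new `certmanager.create_context` call rests only on argument order. `create_context` is not shown here, so a reader cannot tell whether a `certificate`/`key` inherited from the listener's `tls_cfg` can replace the per-host certificate, which is the case the removed TODO warned about. A comment above the call would pin this down, for example `-- precedence (highest first): per-host service ssl, host certificate, listener tls_cfg; confirm against create_context`. The old `or global_ssl_config` fallback is gone, so `config.get(host, config_prefix.."ssl")` can presumably be nil, and `find_host_cert(host)` may be too. It is worth confirming that `create_context` tolerates nil arguments and that a host with no certificate of its own is logged rather than silently served the listener's certificate under its SNI name. The body of `add_sni_host` continues past the end of the hunk.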