diff options
author | Kim Alvefur <zash@zash.se> | 2021-06-10 15:30:54 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-06-10 15:30:54 +0200 |
commit | b665846031c6aabde96633ce5664ca80cec851f1 (patch) | |
tree | f9056c47b0f24f77114a4685af1d6bd535b869ba | |
parent | cdb0bff7d2cd90f2a99eb78302e6cd3eb57f544b (diff) | |
download | prosody-b665846031c6aabde96633ce5664ca80cec851f1.tar.gz prosody-b665846031c6aabde96633ce5664ca80cec851f1.zip |
core.portmanager: Reload direct TLS certificates after config reload
This should re-create all contexts the same way as when the service was
activated, which reloads certificates.
-rw-r--r-- | core/portmanager.lua | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua index cce4458b..74d43e88 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -280,6 +280,27 @@ prosody.events.add_handler("host-deactivated", function (host) end end); +prosody.events.add_handler("config-reloaded", function () + for service_name, interface, port, _, active_service in active_services:iter(nil, nil, nil, nil) do + if active_service.tls_cfg then + local service_info = active_service.service; + local config_prefix = (service_info.config_prefix or service_name).."_"; + if config_prefix == "_" then + config_prefix = ""; + end + local ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info); + if ssl then + active_service.server:set_sslctx(ssl); + active_service.tls_cfg = cfg; + else + log("error", "Error reloading certificate for encrypted port for %s: %s", service_info.name, + error_to_friendly_message(service_name, port, err) or "unknown error"); + end + end + end + -- TODO Update SNI too +end, -1); + return { activate = activate; deactivate = deactivate; |