authorKim Alvefur <zash@zash.se>2021-06-10 15:21:07 +0200
committerKim Alvefur <zash@zash.se>2021-06-10 15:21:07 +0200
commitcdb0bff7d2cd90f2a99eb78302e6cd3eb57f544b (patch)
tree8598e8909ddf70863a5c9e0979cfba51659ce006
parent672f9dcd637b9652d2ecd791410bbce3849736bc (diff)
core.portmanager: Factor out base TLS context creation for reuse
Thinking I can use this to reload certificates after config reload
-rw-r--r--core/portmanager.lua25
1 files changed, 15 insertions, 10 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua
index e3bc4c49..cce4458b 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -65,6 +65,20 @@ local function error_to_friendly_message(service_name, port, err) --luacheck: ig
return friendly_message;
end
+local function get_port_ssl_ctx(port, interface, config_prefix, service_info)
+ local global_ssl_config = config.get("*", "ssl") or {};
+ local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config;
+ log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port);
+ local ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server",
+ prefix_ssl_config[interface],
+ prefix_ssl_config[port],
+ prefix_ssl_config,
+ service_info.ssl_config or {},
+ global_ssl_config[interface],
+ global_ssl_config[port]);
+ return ssl, cfg, err;
+end
+
--- Public API
local function activate(service_name)
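Review bot: get_port_ssl_ctx returns `ssl, cfg, err`, while the certmanager.create_context call it wraps is unpacked as `ssl, err, cfg`, and nothing on the new function records that swap. The only caller visible here, in the second hunk inside activate, unpacks in the matching order, but the commit message anticipates reuse for certificate reload. A later caller following the usual `local ctx, err = f()` idiom would receive cfg where it expects the error and could miss a failed context build, which for a TLS listener would presumably mean carrying on with the old certificate unnoticed. I would either keep the same return order as create_context or add a comment above the function such as `-- Returns ssl_ctx, cfg, err (err is third, unlike certmanager.create_context)`. A one-line note on the order in which the per-interface, per-port, prefix, service and global option tables are passed would also help, since that order presumably decides which setting wins.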
@@ -111,16 +125,7 @@ local function activate(service_name)
local ssl, cfg, err;
-- Create SSL context for this service/port
if service_info.encryption == "ssl" then
- local global_ssl_config = config.get("*", "ssl") or {};
- local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config;
- log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port);
- ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server",
- prefix_ssl_config[interface],
- prefix_ssl_config[port],
- prefix_ssl_config,
- service_info.ssl_config or {},
- global_ssl_config[interface],
- global_ssl_config[port]);
+ ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info);
if not ssl then
log("error", "Error binding encrypted port for %s: %s", service_info.name,
error_to_friendly_message(service_name, port_number, err) or "unknown error");