authorKim Alvefur <zash@zash.se>2021-06-10 15:30:54 +0200
committerKim Alvefur <zash@zash.se>2021-06-10 15:30:54 +0200
commitb665846031c6aabde96633ce5664ca80cec851f1 (patch)
treef9056c47b0f24f77114a4685af1d6bd535b869ba
parentcdb0bff7d2cd90f2a99eb78302e6cd3eb57f544b (diff)
core.portmanager: Reload direct TLS certificates after config reload
This should re-create all contexts the same way as when the service was activated, which reloads certificates.
-rw-r--r--core/portmanager.lua21
1 files changed, 21 insertions, 0 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua
index cce4458b..74d43e88 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -280,6 +280,27 @@ prosody.events.add_handler("host-deactivated", function (host)
end
end);
+prosody.events.add_handler("config-reloaded", function ()
+ for service_name, interface, port, _, active_service in active_services:iter(nil, nil, nil, nil) do
+ if active_service.tls_cfg then
+ local service_info = active_service.service;
+ local config_prefix = (service_info.config_prefix or service_name).."_";
+ if config_prefix == "_" then
+ config_prefix = "";
+ end
+ local ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info);
+ if ssl then
+ active_service.server:set_sslctx(ssl);
+ active_service.tls_cfg = cfg;
+ else
+ log("error", "Error reloading certificate for encrypted port for %s: %s", service_info.name,
+ error_to_friendly_message(service_name, port, err) or "unknown error");
+ end
+ end
+ end
+ -- TODO Update SNI too
+end, -1);
+
return {
activate = activate;
deactivate = deactivate;
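Review bot: When `get_port_ssl_ctx` fails in the `else` branch, the listener keeps the TLS context it had before the reload, so a certificate that was replaced on disk (for example after expiry or a key rotation) stays in service, and the only signal is one error line that names the service but not the listener. Naming the address and stating what was kept makes that state visible in the log: `log("error", "Error reloading certificate for encrypted port for %s on [%s]:%d, previous TLS context stays active: %s", service_info.name, interface, port, error_to_friendly_message(service_name, port, err) or "unknown error");`. The `-- TODO Update SNI too` comment suggests per-name contexts are not refreshed by this handler; since the SNI setup is outside this hunk, I would expand that comment to state what an operator must do today to pick up new certificates for names selected via SNI. The `config_prefix` derivation presumably repeats what the activation path does (the description says "the same way as when the service was activated"), so a small shared helper would keep the two from drifting apart.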