aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2018-09-14 01:30:56 +0200
committerKim Alvefur <zash@zash.se>2018-09-14 01:30:56 +0200
commit2878ed99a5780d3de6714f1f8141fa6f1661f2cb (patch)
tree9f1c1d5214ed21a27ac3a81d5ec3fbe2e5cad537
parent5313a0c5c608dccdee0b663f2072be05203980c0 (diff)
downloadprosody-2878ed99a5780d3de6714f1f8141fa6f1661f2cb.tar.gz
prosody-2878ed99a5780d3de6714f1f8141fa6f1661f2cb.zip
core.portmanager: Collect per-host certificates for SNI
-rw-r--r--core/portmanager.lua41
1 files changed, 41 insertions, 0 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua
index 17758a36..5aef07d7 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -10,6 +10,7 @@ local set = require "util.set";
local table = table;
local setmetatable, rawset, rawget = setmetatable, rawset, rawget;
local type, tonumber, tostring, ipairs = type, tonumber, tostring, ipairs;
+local pairs = pairs;
local prosody = prosody;
local fire_event = prosody.events.fire_event;
@@ -227,15 +228,55 @@ end
-- Event handlers
+local function add_sni_host(host, service)
+ -- local global_ssl_config = config.get(host, "ssl") or {};
+ for name, interface, port, n, active_service --luacheck: ignore 213
+ in active_services:iter(service, nil, nil, nil) do
+ if active_service.server.hosts and active_service.tls_cfg then
+ -- local config_prefix = (active_service.config_prefix or name).."_";
+ -- if config_prefix == "_" then
+ -- config_prefix = "";
+ -- end
+ -- local prefix_ssl_config = config.get(host, config_prefix.."ssl") or global_ssl_config;
+ -- FIXME only global 'ssl' settings are mixed in here
+ -- TODO per host and per service settings should be merged in,
+ -- without overriding the per-host certificate
+ local ssl, err, cfg = certmanager.create_context(host, "server");
+ if ssl then
+ active_service.server.hosts[host] = ssl;
+ if not active_service.tls_cfg.certificate then
+ active_service.server.tls_ctx = ssl;
+ active_service.tls_cfg = cfg;
+ end
+ else
+ log("error", "err = %q", err);
+ end
+ end
+ end
+end
+
prosody.events.add_handler("item-added/net-provider", function (event)
local item = event.item;
register_service(item.name, item);
+ for host in pairs(prosody.hosts) do
+ add_sni_host(host, item.name);
+ end
end);
prosody.events.add_handler("item-removed/net-provider", function (event)
local item = event.item;
unregister_service(item.name, item);
end);
+prosody.events.add_handler("host-activated", add_sni_host);
+prosody.events.add_handler("host-deactivated", function (host)
+ for name, interface, port, n, active_service --luacheck: ignore 213
+ in active_services:iter(nil, nil, nil, nil) do
+ if active_service.tls_cfg then
+ active_service.server.hosts[host] = nil;
+ end
+ end
+end);
+
return {
activate = activate;
deactivate = deactivate;