aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2010-11-06 18:28:15 +0000
committerMatthew Wild <mwild1@gmail.com>2010-11-06 18:28:15 +0000
commitc6045f3c70bf31cb54f66af60e10e5e788256b10 (patch)
tree2ccce526e76f0e3b873ec13133b3eaf9b5edee37
parentc5bcc70db662a51e4e704b034646bf194aed8b35 (diff)
downloadprosody-c6045f3c70bf31cb54f66af60e10e5e788256b10.tar.gz
prosody-c6045f3c70bf31cb54f66af60e10e5e788256b10.zip
certmanager, hostmanager, mod_tls: Move responsibility for creating per-host SSL contexts to mod_tls, meaning reloading certs is now as trivial as reloading mod_tls
-rw-r--r--core/certmanager.lua4
-rw-r--r--core/hostmanager.lua6
-rw-r--r--plugins/mod_tls.lua12
3 files changed, 14 insertions, 8 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 3f7bb348..79651242 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -23,8 +23,8 @@ module "certmanager"
local default_ssl_config = configmanager.get("*", "core", "ssl");
local default_capath = "/etc/ssl/certs";
-function create_context(host, mode, config)
- local user_ssl_config = config and config.core.ssl or default_ssl_config;
+function create_context(host, mode, user_ssl_config)
+ user_ssl_config = user_ssl_config or default_ssl_config;
if not ssl then return nil, "LuaSec (required for encryption) was not found"; end
if not user_ssl_config then return nil, "No SSL/TLS configuration present for "..host; end
diff --git a/core/hostmanager.lua b/core/hostmanager.lua
index cc19fb91..26a39691 100644
--- a/core/hostmanager.lua
+++ b/core/hostmanager.lua
@@ -6,9 +6,6 @@
-- COPYING file in the source package for more information.
--
-local ssl = ssl
-
-local certmanager = require "core.certmanager";
local configmanager = require "core.configmanager";
local modulemanager = require "core.modulemanager";
local events_new = require "util.events".new;
@@ -65,9 +62,6 @@ function activate(host, host_config)
end
end
- hosts[host].ssl_ctx = certmanager.create_context(host, "client", host_config); -- for outgoing connections
- hosts[host].ssl_ctx_in = certmanager.create_context(host, "server", host_config); -- for incoming connections
-
log((hosts_loaded_once and "info") or "debug", "Activated host: %s", host);
prosody_events.fire_event("host-activated", host, host_config);
end
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index a2667ff6..fa7b4688 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -6,6 +6,7 @@
-- COPYING file in the source package for more information.
--
+local create_context = require "core.certmanager".create_context;
local st = require "util.stanza";
local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
@@ -87,3 +88,14 @@ module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza)
session.secure = false;
return true;
end);
+
+function module.load()
+ local ssl_config = module:get_option("ssl");
+ host.ssl_ctx = create_context(host, "client", ssl_config); -- for outgoing connections
+ host.ssl_ctx_in = create_context(host, "server", ssl_config); -- for incoming connections
+end
+
+function module.unload()
+ host.ssl_ctx = nil;
+ host.ssl_ctx_in = nil;
+end