author | Matthew Wild <mwild1@gmail.com> | 2012-05-11 21:24:43 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2012-05-11 21:24:43 +0100 |
commit | f217c2ffd16c3e15cfafad28d688c46362ebcba9 (patch) | |
tree | 4c4bade29c9146968aa838bba905782984c96933 /core/portmanager.lua | |
parent | b663c96ff9063e1ecd59865c8aa8042218eb4d7f (diff) | |
portmanager: Support for per-port SSL certificates
Diffstat (limited to 'core/portmanager.lua')
-rw-r--r-- | core/portmanager.lua | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua
index 1482160d..2e99040b 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -1,4 +1,5 @@
 local config = require "core.configmanager";
+local certmanager = require "core.certmanager";
 local server = require "net.server";
 local log = require "util.logger".init("portmanager");
@@ -102,13 +103,6 @@ function activate(service_name)
 });
 local mode = listener.default_mode or "*a";
- local ssl;
- if service_info.encryption == "ssl" then
- ssl = prosody.global_ssl_ctx;
- if not ssl then
- return nil, "global-ssl-context-required";
- end
- end
 for interface in bind_interfaces do
 for port in bind_ports do
@@ -116,6 +110,13 @@ function activate(service_name)
 if #active_services:search(nil, interface, port) > 0 then
 log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");
 else
+ -- Create SSL context for this service/port
+ if service_info.encryption == "ssl" then
+ local ssl_config = config.get("*", config_prefix.."ssl");
+ ssl = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config and (ssl_config[port]
+ or (ssl_config.certificate and ssl_config)));
+ end
+ -- Start listening on interface+port
 local handler, err = server.addserver(interface, port, listener, mode, ssl);
 if not handler then
 log("error", "Failed to open server port %d on %s, %s", port, interface, error_to_friendly_message(service_name, port, err)); |
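Review bot: The `ssl` assigned in the new "Create SSL context" block has no `local` declaration left in the visible hunks (the second hunk deletes `local ssl;`), so unless it is declared outside the diff it becomes a global whose value carries over to later ports and services, including ones not configured for SSL. The deleted code also refused to activate an `ssl` service without a context (`return nil, "global-ssl-context-required"`), whereas the new code hands whatever `certmanager.create_context` returns straight to `server.addserver`. If that call can return nil for a missing or invalid certificate (its contract is not visible here), the port would open without TLS. Declaring `ssl` per port and skipping the port when no context was created restores the fail-closed behaviour, as sketched below; the enclosing `activate` function starts and ends outside the hunk.

```lua
-- Create SSL context for this service/port
local ssl, ssl_err; -- per-port local: nothing carries over from another port or service
if service_info.encryption == "ssl" then
	local ssl_config = config.get("*", config_prefix.."ssl");
	ssl, ssl_err = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config and (ssl_config[port]
		or (ssl_config.certificate and ssl_config)));
end
if service_info.encryption == "ssl" and not ssl then
	-- Fail closed: never open an "ssl" service without a TLS context
	log("error", "Not listening on port %d of %s: no SSL context (%s)", port, interface, tostring(ssl_err));
else
	-- … unchanged: server.addserver call and its error handling …
end
```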