aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2012-05-11 21:24:43 +0100
committerMatthew Wild <mwild1@gmail.com>2012-05-11 21:24:43 +0100
commitf217c2ffd16c3e15cfafad28d688c46362ebcba9 (patch)
tree4c4bade29c9146968aa838bba905782984c96933 /core
parentb663c96ff9063e1ecd59865c8aa8042218eb4d7f (diff)
downloadprosody-f217c2ffd16c3e15cfafad28d688c46362ebcba9.tar.gz
prosody-f217c2ffd16c3e15cfafad28d688c46362ebcba9.zip
portmanager: Support for per-port SSL certificates
Diffstat (limited to 'core')
-rw-r--r--core/portmanager.lua15
1 files changed, 8 insertions, 7 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua
index 1482160d..2e99040b 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -1,4 +1,5 @@
local config = require "core.configmanager";
+local certmanager = require "core.certmanager";
local server = require "net.server";
local log = require "util.logger".init("portmanager");
@@ -102,13 +103,6 @@ function activate(service_name)
});
local mode = listener.default_mode or "*a";
- local ssl;
- if service_info.encryption == "ssl" then
- ssl = prosody.global_ssl_ctx;
- if not ssl then
- return nil, "global-ssl-context-required";
- end
- end
for interface in bind_interfaces do
for port in bind_ports do
@@ -116,6 +110,13 @@ function activate(service_name)
if #active_services:search(nil, interface, port) > 0 then
log("error", "Multiple services configured to listen on the same port ([%s]:%d): %s, %s", interface, port, active_services:search(nil, interface, port)[1][1].service.name or "<unnamed>", service_name or "<unnamed>");
else
+ -- Create SSL context for this service/port
+ if service_info.encryption == "ssl" then
+ local ssl_config = config.get("*", config_prefix.."ssl");
+ ssl = certmanager.create_context(service_info.name.." port "..port, "server", ssl_config and (ssl_config[port]
+ or (ssl_config.certificate and ssl_config)));
+ end
+ -- Start listening on interface+port
local handler, err = server.addserver(interface, port, listener, mode, ssl);
if not handler then
log("error", "Failed to open server port %d on %s, %s", port, interface, error_to_friendly_message(service_name, port, err));