author | Kim Alvefur <zash@zash.se> | 2019-11-29 23:24:14 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-11-29 23:24:14 +0100 |
commit | 1f33d9c6bb1310ba153580cfdb8d1d36a838f2b7 (patch) | |
tree | 0ee54db82db19969db66bdb65acbf8f9ae68878f /core | |
parent | b65b591c7a19f17f73097e3120f0d13c7dd49886 (diff) | |
core.portmanager: Fix TLS context inheritance for SNI hosts (completes SNI support)
Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 1 | ||||
-rw-r--r-- | core/portmanager.lua | 15 |
2 files changed, 6 insertions, 10 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index b20a0cdb..663cebb4 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -252,4 +252,5 @@ return {
 create_context = create_context;
 reload_ssl_config = reload_ssl_config;
 find_cert = find_cert;
+ find_host_cert = find_host_cert;
 };
diff --git a/core/portmanager.lua b/core/portmanager.lua
index e94720dd..fced3f8f 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -230,19 +230,14 @@ end
 -- Event handlers
 local function add_sni_host(host, service)
- -- local global_ssl_config = config.get(host, "ssl") or {};
 for name, interface, port, n, active_service --luacheck: ignore 213
 in active_services:iter(service, nil, nil, nil) do
 if active_service.server.hosts and active_service.tls_cfg then
- -- local config_prefix = (active_service.config_prefix or name).."_";
- -- if config_prefix == "_" then
- -- config_prefix = "";
- -- end
- -- local prefix_ssl_config = config.get(host, config_prefix.."ssl") or global_ssl_config;
- -- FIXME only global 'ssl' settings are mixed in here
- -- TODO per host and per service settings should be merged in,
- -- without overriding the per-host certificate
- local ssl, err, cfg = certmanager.create_context(host, "server");
+ local config_prefix = (active_service.config_prefix or name).."_";
+ if config_prefix == "_" then config_prefix = ""; end
+ local prefix_ssl_config = config.get(host, config_prefix.."ssl");
+ local autocert = certmanager.find_host_cert(host);
+ local ssl, err, cfg = certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg);
 if ssl then
 active_service.server.hosts[host] = ssl;
 else |
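Review bot: The new `certmanager.create_context(host, "server", prefix_ssl_config, autocert, active_service.tls_cfg)` call in `add_sni_host` layers three TLS config sources, but with the FIXME/TODO comments removed nothing at the call site says which source wins. That ordering decides which certificate and which protocol and cipher settings an SNI host presents, so I would add a comment above the call such as `-- precedence (confirm against create_context): per-host <prefix>ssl, then the host's auto-located cert, then the listener's tls_cfg`. Separately, `config.get(host, config_prefix.."ssl")` no longer has the `or global_ssl_config` fallback from the commented-out draft, so `prefix_ssl_config` is presumably nil for hosts without that option. Whether `create_context` accepts a nil layer, and whether `find_host_cert` can return nil, is not visible here and is worth confirming or guarding. The function body continues past the `else` outside this hunk, so how a failed context creation is handled cannot be judged from this page.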