diff options
| author | Kim Alvefur <zash@zash.se> | 2021-06-10 15:21:07 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2021-06-10 15:21:07 +0200 |
| commit | cdb0bff7d2cd90f2a99eb78302e6cd3eb57f544b (patch) | |
| tree | 8598e8909ddf70863a5c9e0979cfba51659ce006 /core | |
| parent | 672f9dcd637b9652d2ecd791410bbce3849736bc (diff) | |
| download | prosody-cdb0bff7d2cd90f2a99eb78302e6cd3eb57f544b.tar.gz prosody-cdb0bff7d2cd90f2a99eb78302e6cd3eb57f544b.zip | |
core.portmanager: Factor out base TLS context creation for reuse
Thinking I can use this to reload certificates after config reload
Diffstat (limited to 'core')
| -rw-r--r-- | core/portmanager.lua | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua index e3bc4c49..cce4458b 100644 --- a/core/portmanager.lua +++ b/core/portmanager.lua @@ -65,6 +65,20 @@ local function error_to_friendly_message(service_name, port, err) --luacheck: ig return friendly_message; end +local function get_port_ssl_ctx(port, interface, config_prefix, service_info) + local global_ssl_config = config.get("*", "ssl") or {}; + local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config; + log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port); + local ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server", + prefix_ssl_config[interface], + prefix_ssl_config[port], + prefix_ssl_config, + service_info.ssl_config or {}, + global_ssl_config[interface], + global_ssl_config[port]); + return ssl, cfg, err; +end + --- Public API local function activate(service_name) @@ -111,16 +125,7 @@ local function activate(service_name) local ssl, cfg, err; -- Create SSL context for this service/port if service_info.encryption == "ssl" then - local global_ssl_config = config.get("*", "ssl") or {}; - local prefix_ssl_config = config.get("*", config_prefix.."ssl") or global_ssl_config; - log("debug", "Creating context for direct TLS service %s on port %d", service_info.name, port); - ssl, err, cfg = certmanager.create_context(service_info.name.." port "..port, "server", - prefix_ssl_config[interface], - prefix_ssl_config[port], - prefix_ssl_config, - service_info.ssl_config or {}, - global_ssl_config[interface], - global_ssl_config[port]); + ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info); if not ssl then log("error", "Error binding encrypted port for %s: %s", service_info.name, error_to_friendly_message(service_name, port_number, err) or "unknown error"); |