author | Kim Alvefur <zash@zash.se> | 2018-09-13 20:37:43 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2018-09-13 20:37:43 +0200 |
commit | 416607e20e5439c17f4cf6673d982e61ef90f488 (patch) | |
tree | 647579be91c769126b898fa608636f17fd0af333 /net | |
parent | 2219abbc3f16b89861f65bc8f30b354c1605ff13 (diff) | |
net.server_epoll: Refactor Direct TLS assumptions outwards
The assumption that connections are "Direct TLS" when a TLS context is
supplied should be broken. The goal is to make it easy to add a new API
that can be given a TLS context at creation even if it should do
STARTTLS.
With this commit, only the exposed server_select-compatible API assumes
Direct TLS when a TLS context is included.
Diffstat (limited to 'net')
-rw-r--r-- | net/server_epoll.lua | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/net/server_epoll.lua b/net/server_epoll.lua
index 0de590ce..055f7344 100644
--- a/net/server_epoll.lua
+++ b/net/server_epoll.lua
@@ -454,7 +454,6 @@ function interface:tlshandskake()
  self.onreadable = nil;
  self._tls = true;
  self:on("status", "ssl-handshake-complete");
- self.init = nil; -- Restore default method
  self:init();
  elseif err == "wantread" then
  log("debug", "TLS handshake on %s to wait until readable", self);
@@ -489,9 +488,6 @@ local function wrapsocket(client, server, pattern, listeners, tls_ctx) -- luasoc
  if client.getsockname then
  conn.sockname, conn.sockport = client:getsockname();
  end
- if tls_ctx then
- conn.init = interface.starttls;
- end
  return conn;
  end
 
@@ -504,9 +500,13 @@ function interface:onacceptable()
  self:pausefor(cfg.accept_retry_interval);
  return;
  end
- local client = wrapsocket(conn, self, nil, self.listeners, self.tls_ctx);
+ local client = wrapsocket(conn, self, nil, self.listeners);
  log("debug", "New connection %s", tostring(client));
- client:init();
+ if self.tls_direct then
+ client:starttls(self.tls_ctx);
+ else
+ client:init();
+ end
  end
 
  -- Initialization
@@ -559,6 +559,7 @@ local function addserver(addr, port, listeners, pattern, tls_ctx)
  _pattern = pattern;
  onreadable = interface.onacceptable;
  tls_ctx = tls_ctx;
+ tls_direct = tls_ctx and true or false;
  sockname = addr;
  sockport = port;
  }, interface_mt);
@@ -572,7 +573,11 @@ local function wrapclient(conn, addr, port, listeners, pattern, tls_ctx)
  if not client.peername then
  client.peername, client.peerport = addr, port;
  end
- client:init();
+ if tls_ctx then
+ client:starttls(tls_ctx);
+ else
+ client:init();
+ end
  return client;
  end
 
@@ -583,7 +588,11 @@ local function addclient(addr, port, listeners, pattern, tls_ctx)
  conn:settimeout(0);
  conn:connect(addr, port);
  local client = wrapsocket(conn, nil, pattern, listeners, tls_ctx)
- client:init();
+ if tls_ctx then
+ client:starttls(tls_ctx);
+ else
+ client:init();
+ end
  return client, conn;
  end
 
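Review bot: In the onacceptable hunk the accepted socket is now wrapped without `self.tls_ctx` (`wrapsocket(conn, self, nil, self.listeners)`), so whether a connection on a listener that has a context but `tls_direct == false` still knows that context for a later STARTTLS depends on the rest of `wrapsocket`, whose body lies outside the hunk; presumably it derives the context from `server`, but that should be confirmed before relying on it. The fallback branch is also worth spelling out, because it is fail-open: any listener object without `tls_direct` (only `addserver` sets it in this commit) runs `client:init()` in plaintext even when `self.tls_ctx` is set. I would put `-- tls_direct: wrap the accepted socket in TLS now; otherwise start plain and expect STARTTLS later (tls_ctx alone does not imply TLS)` above the `if self.tls_direct then`.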
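Review bot: The new `tls_direct = tls_ctx and true or false;` field in addserver is undocumented, and the `and true or false` coercion reads like a ternary rather than the boolean it is. The idiomatic form is `tls_direct = not not tls_ctx;`, with a comment such as `-- Listeners created through this API wrap accepted sockets in TLS immediately when a context is given` so the relationship to the commit message's planned STARTTLS-with-context API is clear to the next reader.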
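Review bot: The `if tls_ctx then client:starttls(tls_ctx) else client:init() end` block added to wrapclient is repeated verbatim in addclient and, with `self.tls_direct`, in onacceptable, so the "context means Direct TLS" policy the commit message says it wants to relax now lives in three places. Hoisting it into one local helper means the coming STARTTLS-with-context API changes a single function instead of three call sites. wrapclient's body starts outside the hunk.
```lua
-- Bring a freshly wrapped connection up: Direct TLS when a context is
-- given, otherwise the plain init() path (STARTTLS may follow later).
local function initconn(client, tls_ctx)
	if tls_ctx then
		client:starttls(tls_ctx);
	else
		client:init();
	end
end

-- … unchanged: wrapclient up to the peername fallback …
	initconn(client, tls_ctx);
	return client;
```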
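Review bot: In addclient the return value of `conn:connect(addr, port);` on the line above the new branch is discarded, and with a context the TLS setup now starts on that socket regardless of what connect reported. On a socket with `settimeout(0)` a "timeout" return is presumably the normal in-progress case, but a hard failure (unresolvable address, no route) is silently lost the same way. I would at least capture it: `local ok, err = conn:connect(addr, port);` followed by `if not ok and err ~= "timeout" then log("debug", "connect to %s:%s failed: %s", addr, port, err); end`, keeping the existing return shape for callers.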