-rw-r--r--core/portmanager.lua24
1 files changed, 14 insertions, 10 deletions
diff --git a/core/portmanager.lua b/core/portmanager.lua
index 904c979c..88bd7b61 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -245,22 +245,26 @@ local function add_sni_host(host, service)
for name, interface, port, n, active_service --luacheck: ignore 213
in active_services:iter(service, nil, nil, nil) do
if active_service.server and active_service.tls_cfg then
+ local config_prefix = (active_service.config_prefix or name).."_";
+ if config_prefix == "_" then config_prefix = ""; end
+ local prefix_ssl_config = config.get(host, config_prefix.."ssl");
local alternate_host = name and config.get(host, name.."_host");
if not alternate_host and name == "https" then
-- TODO should this be some generic thing? e.g. in the service definition
alternate_host = config.get(host, "http_host");
end
- local autocert = certmanager.find_host_cert(alternate_host or host);
- local manualcert = active_service.tls_cfg;
- local certificate = (autocert and autocert.certificate) or manualcert.certificate;
- local key = (autocert and autocert.key) or manualcert.key;
- local ok, err = active_service.server:sslctx():set_sni_host(
- host,
- certificate,
- key
- );
- if not ok then
+ local ssl, err, cfg = certmanager.create_context(alternate_host or host, "server", prefix_ssl_config, active_service.tls_cfg);
+ if not ssl then
log("error", "Error creating TLS context for SNI host %s: %s", host, err);
+ else
+ local ok, err = active_service.server:sslctx():set_sni_host(
+ host,
+ cfg.certificate,
+ cfg.key
+ );
+ if not ok then
+ log("error", "Error creating TLS context for SNI host %s: %s", host, err);
+ end
end
end
end
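Review bot: The context returned by `certmanager.create_context(...)` is only tested for success, and `set_sni_host` is still handed just `cfg.certificate` and `cfg.key`, so any other per-host values in `prefix_ssl_config` (protocol or cipher restrictions, for example) do not appear to reach the SNI entry. If that is intended, a comment above the call would stop operators from assuming otherwise, e.g. `-- only certificate and key are applied per SNI host; other ssl options are not passed to set_sni_host`. Both failure branches also log the identical "Error creating TLS context for SNI host" text, and the inner `local ok, err` shadows the outer `err`, which luacheck is likely to flag. Changing the second message to `log("error", "Error setting certificate for SNI host %s: %s", host, err);` and renaming the inner pair would make the two failures distinguishable in logs. The body of add_sni_host starts and ends outside this hunk.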