From e4fa881601597252684dcc0c4051c4f10691c5a8 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Thu, 3 Apr 2025 12:02:45 +0100
Subject: portmanager: Take automatic cert selection into account when setting SNI cert
This fixes (another) issue with the fix in 4ea7bd7325be, where it no longer checked the automatic cert index for an appropriate certificate.
---
 core/portmanager.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/portmanager.lua b/core/portmanager.lua
index e1dde176..2a090398 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -253,7 +253,8 @@ local function add_sni_host(host, service)
 -- TODO should this be some generic thing? e.g. in the service definition
 alternate_host = config.get(host, "http_host");
 end
- local ssl, err, cfg = certmanager.create_context(alternate_host or host, "server", prefix_ssl_config, active_service.tls_cfg);
+ local autocert = certmanager.find_host_cert(alternate_host or host);
+ local ssl, err, cfg = certmanager.create_context(alternate_host or host, "server", prefix_ssl_config, autocert, active_service.tls_cfg);
 if not ssl then
 log("error", "Error creating TLS context for SNI host %s: %s", host, err);
 else
--
cgit v1.2.3
From 3905dcae02962457bfa8d426c472944358cfcf20 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Thu, 3 Apr 2025 12:03:24 +0100
Subject: portmanager: Add debug log message to state which certificate we end up using
---
 core/portmanager.lua | 1 +
 1 file changed, 1 insertion(+)
diff --git a/core/portmanager.lua b/core/portmanager.lua
index 2a090398..3b9b8d67 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
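Review bot: In the hunk of commit e4fa8816, the new `autocert` argument is slotted between `prefix_ssl_config` and `active_service.tls_cfg` with nothing saying which of the three wins when they name different certificates, and that ordering decides which certificate an SNI client is served. The hunk also does not show what `certmanager.find_host_cert` returns when the index has no match; if that is `nil`, `create_context` receives a hole in the middle of its argument list, which is presumably tolerated but worth stating. I would add a comment above the call such as `-- autocert: match from the automatic cert index, if any; passed between prefix_ssl_config and the service's tls_cfg, see certmanager.create_context for precedence`. The body of `add_sni_host` starts and ends outside the hunk.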
@@ -258,6 +258,7 @@ local function add_sni_host(host, service)
 if not ssl then
 log("error", "Error creating TLS context for SNI host %s: %s", host, err);
 else
+ log("debug", "Using certificate %s for %s (%s) on %s (%s)", cfg.certificate, service or name, name, alternate_host or host, host)
 local ok, err = active_service.server:sslctx():set_sni_host(
 alternate_host or host,
 cfg.certificate,
--
cgit v1.2.3
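Review bot: The added debug line reports "Using certificate" before `set_sni_host` has been called, so the message is also written when that call fails and the certificate is not actually installed for the name; anyone tracing a wrong-certificate report from the logs would be misled. Either word it as a selection, e.g. `log("debug", "Selected certificate %s for %s (%s) on %s (%s)", ...);`, or move it behind whatever check of `ok` follows, which is outside this hunk. The line also lacks the trailing `;` that the neighbouring `log("error", ...)` call uses. `cfg.certificate` is logged without a nil check; whether it can be nil at this point is not visible from the hunk.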