From b665846031c6aabde96633ce5664ca80cec851f1 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Thu, 10 Jun 2021 15:30:54 +0200
Subject: core.portmanager: Reload direct TLS certificates after config reload

This should re-create all contexts the same way as when the service was activated, which reloads certificates.
---
 core/portmanager.lua | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'core')

diff --git a/core/portmanager.lua b/core/portmanager.lua
index cce4458b..74d43e88 100644
--- a/core/portmanager.lua
+++ b/core/portmanager.lua
@@ -280,6 +280,27 @@ prosody.events.add_handler("host-deactivated", function (host)
 end
 end);
 
+prosody.events.add_handler("config-reloaded", function ()
+ for service_name, interface, port, _, active_service in active_services:iter(nil, nil, nil, nil) do
+ if active_service.tls_cfg then
+ local service_info = active_service.service;
+ local config_prefix = (service_info.config_prefix or service_name).."_";
+ if config_prefix == "_" then
+ config_prefix = "";
+ end
+ local ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info);
+ if ssl then
+ active_service.server:set_sslctx(ssl);
+ active_service.tls_cfg = cfg;
+ else
+ log("error", "Error reloading certificate for encrypted port for %s: %s", service_info.name,
+ error_to_friendly_message(service_name, port, err) or "unknown error");
+ end
+ end
+ end
+ -- TODO Update SNI too
+end, -1);
+
 return {
 activate = activate;
 deactivate = deactivate;
-- 
cgit v1.2.3
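Review bot: In the `else` branch of the new `config-reloaded` handler, a failed `get_port_ssl_ctx` only logs an error and the listener keeps its previous TLS context, so an operator who rotates a certificate (for example after a key compromise) can reload and still be serving the old one. The log text should say so explicitly, e.g. `"Error reloading certificate for encrypted port for %s, previous certificate remains in use: %s"`, so the condition is actionable and easy to alert on. The call `active_service.server:set_sslctx(ssl)` is also unguarded; whether every network backend's server object provides that method is not visible in this hunk, and if one does not, the raised error would abort the loop and leave the remaining services unreloaded, so a check such as `if active_service.server.set_sslctx then` or a `pcall` around the call would contain it. Until the `-- TODO Update SNI too` is resolved, per-host SNI contexts presumably keep their old certificates after a reload, which deserves a comment or log line stating that limitation.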