- local function get_ssl_cfg(typ)
- local cfg_key = (typ and typ.."_" or "").."ssl";
- local ssl_config = config.rawget(module.host, cfg_key);
- if not ssl_config then
- local base_host = module.host:match("%.(.*)");
- ssl_config = config.get(base_host, cfg_key);
- end
- return ssl_config or typ and get_ssl_cfg();
- end
+ local NULL, err = {};
+ local modhost = module.host;
+ local parent = modhost:match("%.(.*)$");
+
+ local parent_ssl = rawgetopt(parent, "ssl") or NULL;
+ local host_ssl = rawgetopt(modhost, "ssl") or parent_ssl;
+
+ local global_c2s = rawgetopt("*", "c2s_ssl") or NULL;
+ local parent_c2s = rawgetopt(parent, "c2s_ssl") or NULL;
+ local host_c2s = rawgetopt(modhost, "c2s_ssl") or parent_c2s;
+
+ local global_s2s = rawgetopt("*", "s2s_ssl") or NULL;
+ local parent_s2s = rawgetopt(parent, "s2s_ssl") or NULL;
+ local host_s2s = rawgetopt(modhost, "s2s_ssl") or parent_s2s;
+
+ ssl_ctx_c2s, err, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
+ if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", err); end