X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=core%2Fcertmanager.lua;h=7f1ca42eebaad0676caf017608b3f6c12a4d0e7d;hb=4e2a8775d379a6a94bb976e1e505b214de483807;hp=5de604f7c1560aac1ad0178f3c66f6d7b4ce825c;hpb=d67b44d083d688733b9e4f8fe66e0b4c6995dccb;p=prosody.git diff --git a/core/certmanager.lua b/core/certmanager.lua index 5de604f7..7f1ca42e 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -1,3 +1,11 @@ +-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + local configmanager = require "core.configmanager"; local log = require "util.logger".init("certmanager"); local ssl = ssl; @@ -6,26 +14,29 @@ local ssl_newcontext = ssl and ssl.newcontext; local setmetatable, tostring = setmetatable, tostring; local prosody = prosody; -local resolve_path = prosody.resolve_relative_path; +local resolve_path = configmanager.resolve_relative_path; +local config_path = prosody.paths.config; module "certmanager" -- Global SSL options if not overridden per-host local default_ssl_config = configmanager.get("*", "core", "ssl"); +local default_capath = "/etc/ssl/certs"; -function create_context(host, mode, config) - if not ssl then return nil; end - - local user_ssl_config = config and config.core.ssl or default_ssl_config; +function create_context(host, mode, user_ssl_config) + user_ssl_config = user_ssl_config or default_ssl_config; + + if not ssl then return nil, "LuaSec (required for encryption) was not found"; end + if not user_ssl_config then return nil, "No SSL/TLS configuration present for "..host; end local ssl_config = { mode = mode; protocol = user_ssl_config.protocol or "sslv23"; - key = resolve_path(user_ssl_config.key); + key = resolve_path(config_path, user_ssl_config.key); password = user_ssl_config.password; - certificate = resolve_path(user_ssl_config.certificate); - capath = resolve_path(user_ssl_config.capath or default_capath); - cafile = resolve_path(user_ssl_config.cafile); + certificate = resolve_path(config_path, user_ssl_config.certificate); + capath = resolve_path(config_path, user_ssl_config.capath or default_capath); + cafile = resolve_path(config_path, user_ssl_config.cafile); verify = user_ssl_config.verify or "none"; options = user_ssl_config.options or "no_sslv2"; ciphers = user_ssl_config.ciphers; @@ -58,9 +69,8 @@ function create_context(host, mode, config) else log("error", "SSL/TLS: Error initialising for host %s: %s", host, err ); end - ssl = false - end - return ctx, err; + end + return ctx, err; end function reload_ssl_config()