# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1623331854 -7200
# Node ID 7e1ca18fdfb38f83102041bf5e8afc3f5331829d
# Parent  f6f1b50cbedf70746ad0cc64fab9a5acb9f2eef1
core.portmanager: Reload direct TLS certificates after config reload

This should re-create all contexts the same way as when the service was
activated, which reloads certificates.

diff -r f6f1b50cbedf -r 7e1ca18fdfb3 core/portmanager.lua
--- a/core/portmanager.lua	Thu Jun 10 15:21:07 2021 +0200
+++ b/core/portmanager.lua	Thu Jun 10 15:30:54 2021 +0200
@@ -280,6 +280,27 @@
 	end
 end);
 
+prosody.events.add_handler("config-reloaded", function ()
+	for service_name, interface, port, _, active_service in active_services:iter(nil, nil, nil, nil) do
+		if active_service.tls_cfg then
+			local service_info = active_service.service;
+			local config_prefix = (service_info.config_prefix or service_name).."_";
+			if config_prefix == "_" then
+				config_prefix = "";
+			end
+			local ssl, cfg, err = get_port_ssl_ctx(port, interface, config_prefix, service_info);
+			if ssl then
+				active_service.server:set_sslctx(ssl);
+				active_service.tls_cfg = cfg;
+			else
+				log("error", "Error reloading certificate for encrypted port for %s: %s", service_info.name,
+					error_to_friendly_message(service_name, port, err) or "unknown error");
+			end
+		end
+	end
+	-- TODO Update SNI too
+end, -1);
+
 return {
 	activate = activate;
 	deactivate = deactivate;