Thu, 10 Jun 2021 15:30:54 +0200 core.portmanager: Reload direct TLS certificates after config reload
Kim Alvefur <zash@zash.se> [Thu, 10 Jun 2021 15:30:54 +0200] rev 11601
core.portmanager: Reload direct TLS certificates after config reload This should re-create all contexts the same way as when the service was activated, which reloads certificates.
Thu, 10 Jun 2021 15:21:07 +0200 core.portmanager: Factor out base TLS context creation for reuse
Kim Alvefur <zash@zash.se> [Thu, 10 Jun 2021 15:21:07 +0200] rev 11600
core.portmanager: Factor out base TLS context creation for reuse Thinking I can use this to reload certificates after config reload
Thu, 10 Jun 2021 13:48:20 -0003 net.server_epoll: Add missing method for changing TLS context
Kim Alvefur <zash@zash.se> [Thu, 10 Jun 2021 13:48:20 -0003] rev 11599
net.server_epoll: Add missing method for changing TLS context Supported by the other net.server implementations already, but not used anywhere in Prosody.
Tue, 08 Jun 2021 13:33:40 +0200 mod_http_file_share: Build list of measuring buckets for configured size limit
Kim Alvefur <zash@zash.se> [Tue, 08 Jun 2021 13:33:40 +0200] rev 11598
mod_http_file_share: Build list of measuring buckets for configured size limit Creates buckets up to the configured size limit or 1TB, whichever is smaller, e.g. {1K, 4K, 16K, ... 4M, 16M}
Tue, 08 Jun 2021 00:58:27 +0200 util.openmetrics: Prettify format of histogram buckets
Kim Alvefur <zash@zash.se> [Tue, 08 Jun 2021 00:58:27 +0200] rev 11597
util.openmetrics: Prettify format of histogram buckets "%g" turns 1GB into 1.07374e+09, which is a bit awkward for the bytes measurements IMO. Turning up the precision, at "%.17g" turns 0.1 into 0.10000000000000001 while "%0.16" gives 0.1, hiding most of those pesky floating point artefacts. Lua version 5.2 uses "%.14g" (see LUA_NUMBER_FMT in luaconf.h.html) so it seems like a sensible choice here.
Mon, 07 Jun 2021 17:37:14 +0200 net.server_epoll: Fix reporting of socket connect timeout
Kim Alvefur <zash@zash.se> [Mon, 07 Jun 2021 17:37:14 +0200] rev 11596
net.server_epoll: Fix reporting of socket connect timeout If the underlying TCP connection times out before the write timeout kicks in, end up here with err="timeout", which the following code treats as a minor issue. Then, due to epoll apparently returning the EPOLLOUT (writable) event too, we go on and try to write to the socket (commonly stream headers). This fails because the socket is closed, which becomes the error returned up the stack to the rest of Prosody. This also trips the 'onconnect' signal, which has effects on various things, such as the net.connect state machine. Probably undesirable effects. With this, we instead return "connection timeout", like server_event, and destroy the connection handle properly. And then nothing else happens because the connection has been destroyed.
Thu, 27 May 2021 09:22:07 +0200 core.certmanager: Skip service certificate lookup for https client
Kim Alvefur <zash@zash.se> [Thu, 27 May 2021 09:22:07 +0200] rev 11595
core.certmanager: Skip service certificate lookup for https client Quick Fix™ to prevent certmanager from automatically adding a client certificate for net.http.request, since this normally does not require such.
Fri, 28 May 2021 17:09:22 +0200 core.portmanager: Fix race condition in initialization of SNI cert map
Kim Alvefur <zash@zash.se> [Fri, 28 May 2021 17:09:22 +0200] rev 11594
core.portmanager: Fix race condition in initialization of SNI cert map Under some circumstances when hosts and modules are loaded in some certain order, entries end up missing from the SNI map. This manifests in e.g. `curl https://localhost:5281/` giving an error about "unrecognized name". The `service` argument is `nil` when invoked from the "host-activated" event, leading it to iterating over every service. And then it would not be fetching e.g. `http_host` from the config, which explains why https would sometimes not work due to the missing name entry. Because when `service` is included, this limits the iteration to matching entries, while also returning the same value as the `name` loop variable. Because `name == service when service != nil` we can use name instead in the body of the loop.
Fri, 28 May 2021 00:17:44 +0200 scansion: Really silence the certificates dir error
Kim Alvefur <zash@zash.se> [Fri, 28 May 2021 00:17:44 +0200] rev 11593
scansion: Really silence the certificates dir error certificate_s_, plural, is the directory setting
Thu, 27 May 2021 15:49:57 +0200 scansion: Silence an error from cert indexer due to missing certs dir
Kim Alvefur <zash@zash.se> [Thu, 27 May 2021 15:49:57 +0200] rev 11592
scansion: Silence an error from cert indexer due to missing certs dir