net.server_epoll: Refactor Direct TLS assumptions outwards
The assumption that connections are "Direct TLS" when a TLS context is
supplied should be broken. The goal is to make it easy to add a new API
that can be given a TLS context at creation even if it should do
STARTTLS.
With this commit, only the exposed server_select-compatible API assumes
Direct TLS when a TLS context is included.
--- a/net/server_epoll.lua Thu Sep 13 16:45:18 2018 +0100
+++ b/net/server_epoll.lua Thu Sep 13 20:37:43 2018 +0200
@@ -454,7 +454,6 @@
self.onreadable = nil;
self._tls = true;
self:on("status", "ssl-handshake-complete");
- self.init = nil; -- Restore default method
self:init();
elseif err == "wantread" then
log("debug", "TLS handshake on %s to wait until readable", self);
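Review bot: With the per-instance `init` override gone, the `self:init()` call right after the handshake deserves a word on why normal start-up runs here at all: the accept and connect paths now call `starttls()` instead of `init()` for Direct TLS, so start-up is deferred until the handshake completes. Suggest `-- Direct TLS: start-up was deferred until the handshake completed` above the call. If this method is also reached by a STARTTLS upgrade on an already-initialised connection, confirm that a second `init()` is harmless there. The handshake method starts outside this hunk.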
@@ -489,9 +488,6 @@
if client.getsockname then
conn.sockname, conn.sockport = client:getsockname();
end
- if tls_ctx then
- conn.init = interface.starttls;
- end
return conn;
end
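Review bot: Now that wrapping no longer implies a handshake, `wrapsocket` still takes a `tls_ctx` parameter (the connect path at the bottom of this file keeps passing it) but nothing in this hunk uses it any more; if the rest of the function records it on the connection, that contract should be stated so nobody reintroduces the old assumption, e.g. `-- tls_ctx is only stored for a later starttls(); wrapping never starts a handshake`. If the parameter is in fact unused after this change, it should be dropped or documented as reserved. The start of `wrapsocket` lies outside this hunk.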
@@ -504,9 +500,13 @@
self:pausefor(cfg.accept_retry_interval);
return;
end
- local client = wrapsocket(conn, self, nil, self.listeners, self.tls_ctx);
+ local client = wrapsocket(conn, self, nil, self.listeners);
log("debug", "New connection %s", tostring(client));
- client:init();
+ if self.tls_direct then
+ client:starttls(self.tls_ctx);
+ else
+ client:init();
+ end
end
-- Initialization
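Review bot: The accepted socket is now wrapped without the listener's context (`wrapsocket(conn, self, nil, self.listeners)`), so an accepted connection only ever sees `self.tls_ctx` through the Direct TLS branch; a listener that carries a context but is meant to do STARTTLS — the case this refactor is preparing for — would leave its clients with no context to upgrade with later. If `wrapsocket` stores its fifth argument on the connection, as the connect path still passing it suggests, keeping `wrapsocket(conn, self, nil, self.listeners, self.tls_ctx)` is harmless now that wrapping no longer implies a handshake. `onacceptable` starts outside this hunk.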
@@ -559,6 +559,7 @@
_pattern = pattern;
onreadable = interface.onacceptable;
tls_ctx = tls_ctx;
+ tls_direct = tls_ctx and true or false;
sockname = addr;
sockport = port;
}, interface_mt);
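Review bot: `tls_direct = tls_ctx and true or false;` encodes the server_select-compatible rule that a context on a listener means Direct TLS, but nothing says so at the field, and the name alone will not stop the next STARTTLS-capable listen API from copying the line; add `-- server_select-compatible API: a listener created with a context speaks Direct TLS` above it. The idiomatic boolean coercion is `not not tls_ctx`, which is equally safe here since `true` is never falsy. The constructor starts outside this hunk.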
@@ -572,7 +573,11 @@
if not client.peername then
client.peername, client.peerport = addr, port;
end
- client:init();
+ if tls_ctx then
+ client:starttls(tls_ctx);
+ else
+ client:init();
+ end
return client;
end
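Review bot: The `if tls_ctx then client:starttls(tls_ctx) else client:init() end` branch added here is repeated verbatim in `addclient` below and in a `tls_direct` flavour in `onacceptable`; three copies of the same policy is where the next STARTTLS API will drift. A local helper — `local function start_connection(client, tls_ctx) if tls_ctx then client:starttls(tls_ctx) else client:init() end end` — keeps the Direct TLS assumption in one place, and its header comment can state that a context here means handshake-first. The enclosing function begins outside this hunk.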
@@ -583,7 +588,11 @@
conn:settimeout(0);
conn:connect(addr, port);
local client = wrapsocket(conn, nil, pattern, listeners, tls_ctx)
- client:init();
+ if tls_ctx then
+ client:starttls(tls_ctx);
+ else
+ client:init();
+ end
return client, conn;
end
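Review bot: `client:starttls(tls_ctx)` is now issued immediately after `conn:connect(addr, port)`, whose result is discarded; on a socket with `settimeout(0)` the expected answer is `nil, "timeout"`, but a synchronous failure (unresolvable address, unsupported family) would send the handshake down a dead socket and surface only as an opaque TLS error. Capturing the result — `local ok, err = conn:connect(addr, port); if not ok and err ~= "timeout" then return nil, err end` — lets the caller see the real cause; whether that fits `addclient`'s existing return contract depends on its signature, which lies outside this hunk, and on the socket library's non-blocking connect semantics, which should be confirmed.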