Enable multiple SSL certificates (issue 27)

2024-11-08 06:28:26 +01:00 · 2019-02-22 13:39:15 +13:00 · 2019-02-22 13:39:15 +13:00 · ff868e4a06
commit ff868e4a06
parent ef342a7cda
1 changed files with 31 additions and 17 deletions
--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -74,25 +74,39 @@ local function newcontext(cfg)
   -- Mode
   succ, msg = context.setmode(ctx, cfg.mode)
   if not succ then return nil, msg end
-   -- Load the key
-   if cfg.key then
-      if cfg.password and
-         type(cfg.password) ~= "function" and
-         type(cfg.password) ~= "string"
-      then
-         return nil, "invalid password type"
+   -- Wrap singular certificate, key, etc in tables if necessary
+   for _, prop in pairs({ "key", "certificate", "password" }) do
+      if not cfg[prop .. "s"] then
+         if cfg[prop] then
+            cfg[prop .. "s"] = { cfg[prop] }
+         else
+            cfg[prop .. "s"] = {}
+         end
      end
-      succ, msg = context.loadkey(ctx, cfg.key, cfg.password)
-      if not succ then return nil, msg end
   end
-   -- Load the certificate
-   if cfg.certificate then
-     succ, msg = context.loadcert(ctx, cfg.certificate)
-     if not succ then return nil, msg end
-     if cfg.key and context.checkkey then
-       succ = context.checkkey(ctx)
-       if not succ then return nil, "private key does not match public key" end
-     end
+   for i, certificate in pairs(cfg.certificates) do
+      local password = cfg.passwords[i]
+      local key = cfg.keys[i]
+      -- Load the key
+      if key then
+         if password and
+            type(password) ~= "function" and
+            type(password) ~= "string"
+         then
+            return nil, "invalid password type"
+         end
+         succ, msg = context.loadkey(ctx, key, password)
+         if not succ then return nil, msg end
+      end
+      -- Load the certificate(s)
+      if certificate then
+        succ, msg = context.loadcert(ctx, certificate)
+        if not succ then return nil, msg end
+        if key and context.checkkey then
+          succ = context.checkkey(ctx)
+          if not succ then return nil, "private key does not match public key" end
+        end
+      end
   end
   -- Load the CA certificates
   if cfg.cafile or cfg.capath then