#1915 Prosody 13.0 does not honour per-host 'ssl' options on direct TLS ports
Reporter
MattJ
Owner
MattJ
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Priority-Medium
Type-Defect
Milestone-13.0
MattJ
on
Prosody 13.0 unexpectedly changes the behaviour of manual certificate configuration (i.e. 'ssl' and '*_ssl' options such as 'https_ssl') for "direct TLS" ports, including HTTPS. Instead, Prosody always uses automatic certificate selection for these services, unless it finds manual configuration options in the global scope.
```
VirtualHost "localhost"
    modules_enabled = { "http" }
    -- Configure some non-default certificate for HTTPS
    https_ssl = {
        key = "data/test.key";
        certificate = "data/test.crt";
    }
```
In Prosody 0.12, the 'test.crt' certificate can be observed on port 5281, but in 13.0 the default localhost cert is presented instead.
This should be fixed with https://hg.prosody.im/trunk/rev/4ea7bd7325be in 13.0 and trunk.
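One way to confirm, before and after upgrading, which certificate a direct TLS port actually presents for a host. This is an added example, not part of the issue or of Prosody's code; the function names are hypothetical, and the path, host and port are taken from the report above.

```python
import hashlib
import socket
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def pem_fingerprint(pem_text):
    """SHA-256 fingerprint of the first certificate in a PEM file's text."""
    start = pem_text.index(PEM_BEGIN)
    end = pem_text.index(PEM_END, start) + len(PEM_END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host, port, servername, timeout=5.0):
    """SHA-256 fingerprint of the leaf certificate presented for `servername`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Verification is disabled on purpose: the aim is only to see which
    # certificate is served (it may be a self-signed test certificate).
    # Never send application data over a connection made with this context.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname sets SNI, which drives per-host certificate selection.
        with ctx.wrap_socket(sock, server_hostname=servername) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def check_host_cert(expected_pem, host, port, servername, fetch=served_fingerprint):
    """Compare the configured certificate with the one the port presents."""
    expected = pem_fingerprint(expected_pem)
    served = fetch(host, port, servername)
    return {"match": served == expected, "expected": expected, "served": served}


if __name__ == "__main__":
    # Values from the report: https_ssl certificate on VirtualHost "localhost",
    # HTTPS on port 5281.
    with open("data/test.crt") as f:
        result = check_host_cert(f.read(), "localhost", 5281, "localhost")
    print(result)
    raise SystemExit(0 if result["match"] else 1)
```

A non-zero exit status means the port is serving something other than the certificate configured under the VirtualHost, which is the behaviour the report describes for 13.0.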