path: root/lib/PublicInbox/POP3.pm
authorEric Wong <e@80x24.org>2022-08-03 08:06:03 +0000
committerEric Wong <e@80x24.org>2022-08-03 19:57:58 +0000
commitec328a09ae172569ac72bafb02eaf1dc2d489867 (patch)
treed2ed66eabcdd65d5db5ac1f87beee8e2552a2438 /lib/PublicInbox/POP3.pm
parentaa26a8a66c845bc4754f7099b675082899933078 (diff)
downloadpublic-inbox-ec328a09ae172569ac72bafb02eaf1dc2d489867.tar.gz
This allows new TLS certificates to be loaded for new clients
without having to time out or drop existing clients with
established connections made with the old certs.  This should
benefit users with admins who expire certificates frequently (as
encouraged by Let's Encrypt).
Diffstat (limited to 'lib/PublicInbox/POP3.pm')
-rw-r--r--lib/PublicInbox/POP3.pm10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/PublicInbox/POP3.pm b/lib/PublicInbox/POP3.pm
index 203c91a6..7469922b 100644
--- a/lib/PublicInbox/POP3.pm
+++ b/lib/PublicInbox/POP3.pm
@@ -130,12 +130,12 @@ sub cmd_pass {
 
 sub cmd_stls {
         my ($self) = @_;
-        my $sock = $self->{sock} or return;
-        return \"-ERR TLS already enabled\r\n" if $sock->can('stop_SSL');
-        my $opt = $self->{pop3d}->{accept_tls} or
+        ($self->{sock} // return)->can('stop_SSL') and
+                return \"-ERR TLS already enabled\r\n";
+        $self->{pop3d}->{ssl_ctx_opt} or
                 return \"-ERR can't start TLS negotiation\r\n";
         $self->write(\"+OK begin TLS negotiation now\r\n");
-        $self->{sock} = IO::Socket::SSL->start_SSL($sock, %$opt);
+        PublicInbox::TLS::start($self->{sock}, $self->{pop3d});
         $self->requeue if PublicInbox::DS::accept_tls_step($self);
         undef;
 }
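Review bot: In cmd_stls the result of `PublicInbox::TLS::start($self->{sock}, $self->{pop3d});` is discarded, whereas the old code assigned the return of `start_SSL` back to `$self->{sock}`, so a failed upgrade is no longer visible at this call site. TLS::start is not shown in this hunk; if it upgrades the handle in place and a failure is surfaced later by `accept_tls_step`, a comment such as `# TLS::start upgrades $self->{sock} in place; handshake errors surface in accept_tls_step` would record that. If it can instead return false, the call should be checked before `accept_tls_step` runs, because the client has already been sent `+OK begin TLS negotiation now` and must not continue on the plaintext socket. It is also not visible here whether bytes the client pipelined after STLS are discarded before the handshake, which is worth confirming for any STARTTLS-style upgrade. As a style point, `($self->{sock} // return)->can('stop_SSL') and` hides an early return inside an expression; the removed two-statement form was easier to audit.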
@@ -281,7 +281,7 @@ sub cmd_dele {
 sub cmd_capa {
         my ($self) = @_;
         my $STLS = !$self->{ibx} && !$self->{sock}->can('stop_SSL') &&
-                        $self->{pop3d}->{accept_tls} ? "\nSTLS\r" : '';
+                        $self->{pop3d}->{ssl_ctx_opt} ? "\nSTLS\r" : '';
         $self->{expire} = ''; # "EXPIRE 0" allows clients to avoid DELE commands
         <<EOM;
 +OK Capability list follows\r