author | Eric Wong <e@80x24.org> | 2022-08-03 08:06:03 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2022-08-03 19:57:58 +0000 |
commit | ec328a09ae172569ac72bafb02eaf1dc2d489867 (patch) | |
tree | d2ed66eabcdd65d5db5ac1f87beee8e2552a2438 /lib/PublicInbox/POP3.pm | |
parent | aa26a8a66c845bc4754f7099b675082899933078 (diff) | |
download | public-inbox-ec328a09ae172569ac72bafb02eaf1dc2d489867.tar.gz |
This allows new TLS certificates to be loaded for new clients without having to time out or drop existing clients with established connections made with the old certs. This should benefit users with admins who expire certificates frequently (as encouraged by Let's Encrypt).
Diffstat (limited to 'lib/PublicInbox/POP3.pm')
-rw-r--r-- | lib/PublicInbox/POP3.pm | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/PublicInbox/POP3.pm b/lib/PublicInbox/POP3.pm
index 203c91a6..7469922b 100644
--- a/lib/PublicInbox/POP3.pm
+++ b/lib/PublicInbox/POP3.pm
@@ -130,12 +130,12 @@ sub cmd_pass {

 sub cmd_stls {
 my ($self) = @_;
- my $sock = $self->{sock} or return;
- return \"-ERR TLS already enabled\r\n" if $sock->can('stop_SSL');
- my $opt = $self->{pop3d}->{accept_tls} or
+ ($self->{sock} // return)->can('stop_SSL') and
+ return \"-ERR TLS already enabled\r\n";
+ $self->{pop3d}->{ssl_ctx_opt} or
 return \"-ERR can't start TLS negotiation\r\n";
 $self->write(\"+OK begin TLS negotiation now\r\n");
- $self->{sock} = IO::Socket::SSL->start_SSL($sock, %$opt);
+ PublicInbox::TLS::start($self->{sock}, $self->{pop3d});
 $self->requeue if PublicInbox::DS::accept_tls_step($self);
 undef;
 }
@@ -281,7 +281,7 @@ sub cmd_dele {
 sub cmd_capa {
 my ($self) = @_;
 my $STLS = !$self->{ibx} && !$self->{sock}->can('stop_SSL') &&
- $self->{pop3d}->{accept_tls} ? "\nSTLS\r" : '';
+ $self->{pop3d}->{ssl_ctx_opt} ? "\nSTLS\r" : '';
 $self->{expire} = ''; # "EXPIRE 0" allows clients to avoid DELE commands
 <<EOM;
 +OK Capability list follows\r |
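Review bot: The result of `PublicInbox::TLS::start($self->{sock}, $self->{pop3d})` in cmd_stls is discarded, and the call comes after `+OK begin TLS negotiation now` has already been written, so nothing in this hunk shows what happens to the session if the upgrade fails (for instance when a newly reloaded certificate cannot be used). The removed line stored the start_SSL result back into `$self->{sock}`; the new helper is defined outside this page and presumably upgrades the socket in place, but that contract is now implicit. I would document it above the call, e.g. `# TLS::start upgrades {sock} in place; on failure the connection must be closed, never continued in plaintext`, and confirm that the helper or accept_tls_step actually enforces that. cmd_capa advertises STLS from the same `ssl_ctx_opt` key, so the two should stay in agreement about when TLS can really be started.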