daemon: reload TLS certs and keys on SIGHUP

[public-inbox.git] / lib / PublicInbox / IMAP.pm

diff --git a/lib/PublicInbox/IMAP.pm b/lib/PublicInbox/IMAP.pm
index 0f0f9b3aaa6722c021132ca96224051d75b8ccc4..19ead70c9d7c3968c3e5d4f244446079c869b488 100644 (file)
--- a/lib/PublicInbox/IMAP.pm
+++ b/lib/PublicInbox/IMAP.pm
@@ -121,7 +121,7 @@ sub capa ($) {
                $capa .= ' COMPRESS=DEFLATE';
        } else {
                if (!($self->{sock} // $self)->can('accept_SSL') &&
-                       $self->{imapd}->{accept_tls}) {
+                       $self->{imapd}->{ssl_ctx_opt}) {
                        $capa .= ' STARTTLS';
                }
                $capa .= ' AUTH=ANONYMOUS';
@@ -1230,14 +1230,12 @@ sub cmd_compress ($$$) {
 
 sub cmd_starttls ($$) {
        my ($self, $tag) = @_;
-       my $sock = $self->{sock} or return;
-       if ($sock->can('stop_SSL') || $self->compressed) {
+       (($self->{sock} // return)->can('stop_SSL') || $self->compressed) and
                return "$tag BAD TLS or compression already enabled\r\n";
-       }
-       my $opt = $self->{imapd}->{accept_tls} or
+       $self->{imapd}->{ssl_ctx_opt} or
                return "$tag BAD can not initiate TLS negotiation\r\n";
        $self->write(\"$tag OK begin TLS negotiation now\r\n");
-       $self->{sock} = IO::Socket::SSL->start_SSL($sock, %$opt);
+       PublicInbox::TLS::start($self->{sock}, $self->{imapd});
        $self->requeue if PublicInbox::DS::accept_tls_step($self);
        undef;
 }