daemon: reload TLS certs and keys on SIGHUP

[public-inbox.git] / lib / PublicInbox / POP3.pm

diff --git a/lib/PublicInbox/POP3.pm b/lib/PublicInbox/POP3.pm
index 203c91a6b3cff4f1697ffc8677b997d7a7fd3caf..7469922b2249f405be5a012eaa25e66c681087da 100644 (file)
--- a/lib/PublicInbox/POP3.pm
+++ b/lib/PublicInbox/POP3.pm
@@ -130,12 +130,12 @@ sub cmd_pass {
 
 sub cmd_stls {
        my ($self) = @_;
-       my $sock = $self->{sock} or return;
-       return \"-ERR TLS already enabled\r\n" if $sock->can('stop_SSL');
-       my $opt = $self->{pop3d}->{accept_tls} or
+       ($self->{sock} // return)->can('stop_SSL') and
+               return \"-ERR TLS already enabled\r\n";
+       $self->{pop3d}->{ssl_ctx_opt} or
                return \"-ERR can't start TLS negotiation\r\n";
        $self->write(\"+OK begin TLS negotiation now\r\n");
-       $self->{sock} = IO::Socket::SSL->start_SSL($sock, %$opt);
+       PublicInbox::TLS::start($self->{sock}, $self->{pop3d});
        $self->requeue if PublicInbox::DS::accept_tls_step($self);
        undef;
 }
@@ -281,7 +281,7 @@ sub cmd_dele {
 sub cmd_capa {
        my ($self) = @_;
        my $STLS = !$self->{ibx} && !$self->{sock}->can('stop_SSL') &&
-                       $self->{pop3d}->{accept_tls} ? "\nSTLS\r" : '';
+                       $self->{pop3d}->{ssl_ctx_opt} ? "\nSTLS\r" : '';
        $self->{expire} = ''; # "EXPIRE 0" allows clients to avoid DELE commands
        <<EOM;
 +OK Capability list follows\r