restructure SSL/TLS a bit, name config items better

.gitignore

@@ -1,3 +1,4 @@
 /ircd.*
 /ssl.*
+/tls.*
 _test

irc/config.go

@@ -13,17 +13,17 @@ type PassConfig struct {
 	Password string
 }
 
-// SSLListenConfig defines configuration options for listening on SSL
-type SSLListenConfig struct {
+// TLSListenConfig defines configuration options for listening on TLS
+type TLSListenConfig struct {
 	Cert string
 	Key  string
 }
 
-// Certificate returns the SSL certificate assicated with this SSLListenConfig
-func (conf *SSLListenConfig) Config() (*tls.Config, error) {
+// Certificate returns the TLS certificate assicated with this TLSListenConfig
+func (conf *TLSListenConfig) Config() (*tls.Config, error) {
 	cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key)
 	if err != nil {
-		return nil, errors.New("ssl cert+key: invalid pair")
+		return nil, errors.New("tls cert+key: invalid pair")
 	}
 
 	return &tls.Config{
@@ -49,14 +49,13 @@ type Config struct {
 		Name             string
 		Database         string
 		Listen           []string
-		Wslisten         string
+		Wslisten         string                      `yaml:"ws-listen"`
+		TLSListeners     map[string]*TLSListenConfig `yaml:"tls-listeners"`
 		Log              string
 		MOTD             string
 		ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
 	}
 
-	SSLListener map[string]*SSLListenConfig
-
 	Operator map[string]*PassConfig
 
 	Theater map[string]*PassConfig
@@ -82,16 +81,16 @@ func (conf *Config) Theaters() map[Name][]byte {
 	return theaters
 }
 
-func (conf *Config) SSLListeners() map[Name]*tls.Config {
-	sslListeners := make(map[Name]*tls.Config)
-	for s, sslListenersConf := range conf.SSLListener {
-		config, err := sslListenersConf.Config()
+func (conf *Config) TLSListeners() map[Name]*tls.Config {
+	tlsListeners := make(map[Name]*tls.Config)
+	for s, tlsListenersConf := range conf.Server.TLSListeners {
+		config, err := tlsListenersConf.Config()
 		if err != nil {
 			log.Fatal(err)
 		}
-		sslListeners[NewName(s)] = config
+		tlsListeners[NewName(s)] = config
 	}
-	return sslListeners
+	return tlsListeners
 }
 
 func LoadConfig(filename string) (config *Config, err error) {

irc/server.go

@@ -99,7 +99,7 @@ func NewServer(config *Config) *Server {
 	server.loadChannels()
 
 	for _, addr := range config.Server.Listen {
-		server.listen(addr, config.SSLListeners())
+		server.listen(addr, config.TLSListeners())
 	}
 
 	if config.Server.Wslisten != "" {
@@ -240,18 +240,20 @@ func (server *Server) Run() {
 // listen goroutine
 //
 
-func (s *Server) listen(addr string, ssl map[Name]*tls.Config) {
-	config, listenSSL := ssl[NewName(addr)]
+func (s *Server) listen(addr string, tlsMap map[Name]*tls.Config) {
+	config, listenTLS := tlsMap[NewName(addr)]
 
 	listener, err := net.Listen("tcp", addr)
 	if err != nil {
 		log.Fatal(s, "listen error: ", err)
 	}
 
-	if listenSSL {
+	tlsString := "plaintext"
+	if listenTLS {
 		listener = tls.NewListener(listener, config)
+		tlsString = "TLS"
 	}
-	Log.info.Printf("%s listening on %s. ssl: %t", s, addr, listenSSL)
+	Log.info.Printf("%s listening on %s using %s.", s, addr, tlsString)
 
 	go func() {
 		for {

oragono.yaml

@@ -21,7 +21,14 @@ server:
         - ":6697" # ssl port
 
     # websocket listening port
-    wslisten: ":8080"
+    ws-listen: ":8080"
+
+    # tls listeners
+    tls-listeners:
+        # listener on ":6697"
+        ":6697":
+            key: tls.key
+            cert: tls.crt
 
     # password to login to the server
     # generated using  "oragono genpasswd"
@@ -39,13 +46,6 @@ server:
         - "localhost"
         - "127.0.0.1"
 
-# ssl listeners
-ssllistener:
-    # listener on ":6697"
-    ":6697":
-        key: ssl.key
-        cert: ssl.crt
-
 # ircd operators
 operator:
     # operator named 'dan'