From fe973169fad414b1525acb7c4895bed4216492f1 Mon Sep 17 00:00:00 2001
From: Joshua Kroll <jkroll@cloudflare.com>
Date: Mon, 2 Nov 2015 13:20:53 -0800
Subject: [PATCH] Wrap systemd-provided sockets in a TLS listener.

This fixes a bug introduced by the new socket activation/systemd-brokered listening whereby Red October speaks HTTP rather than HTTPS over that socket.
---
 redoctober.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/redoctober.go b/redoctober.go
index 89d2c70..add176b 100644
--- a/redoctober.go
+++ b/redoctober.go
@@ -134,9 +134,9 @@ func NewServer(process chan<- userRequest, staticPath, addr, caPath string, cert
 			log.Fatal(err)
 		}
 		if len(listenFDs) != 1 {
-			log.Fatal("Unexpected number of socket activation FDs!")
+			log.Fatalf("Unexpected number of socket activation FDs! (%v)", len(listenFDs))
 		}
-		lstnr = listenFDs[0]
+		lstnr = tls.NewListener(listenFDs[0], &config)
 	} else {
 		conn, err := net.Listen("tcp", addr)
 		if err != nil {