util/prosodyctl/cert.lua @ 12216:0f5d04c3092f
util.prosodyctl.cert: Look for certificates in a consistent order
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 26 Jan 2022 13:24:23 +0100 |
parent | 12200:2bb4ee5f42be |
child | 12219:0a44def211fa |
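--- a/util/prosodyctl/cert.lua
+++ b/util/prosodyctl/cert.lua
@@ -219,10 +219,19 @@
 local files_by_name = {}
 for _, dir in ipairs(arg) do
 cm.index_certs(dir, files_by_name);
 end
 local imported = {};
+table.sort(hostnames, function (a, b)
+-- Try to find base domain name before sub-domains, then alphabetically, so
+-- that the order and choice of file name is deterministic.
+if #a == #b then
+return a < b;
+else
+return #a < #b;
+end
+end);
 for _, host in ipairs(hostnames) do
 local paths = cm.find_cert_in_index(files_by_name, host);
 if paths and imported[paths.certificate] then
 -- One certificate, many mames!
 table.insert(imported, host);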
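Review bot: The comment inside the new comparator promises "base domain name before sub-domains", but the function only compares byte length (`#a < #b`) and then string order. On a certificate whose names span unrelated domains, the first entry is therefore just the shortest name, not necessarily the base domain an operator expects the file to be named after. Because the commit message ties this ordering to which certificate file Prosody ends up using, the comment should state the real rule, for example `-- Shortest name first (a parent domain is always shorter than its sub-domains), ties broken alphabetically; unrelated names are ordered by length only.` `table.sort` also reorders the `hostnames` table in place, which deserves a mention if the caller reuses it after the import. That cannot be checked here because the enclosing function starts and ends outside the hunk.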