Comparison

core/certmanager.lua @ 11534:1cef62ca3e03

core.certmanager: Skip directly to guessing of key from cert filename Cuts down on a ton of debug logs
author Kim Alvefur <zash@zash.se>
date Wed, 05 May 2021 15:56:39 +0200
parent 11533:f97592336399
child 11537:a09685a7b330
comparison
equal deleted inserted replaced
11533:f97592336399 11534:1cef62ca3e03
94 return { certificate = crt_path, key = key_path }; 94 return { certificate = crt_path, key = key_path };
95 end 95 end
96 end 96 end
97 end 97 end
98 log("debug", "No certificate/key found for %s", name); 98 log("debug", "No certificate/key found for %s", name);
99 end
100
101 local function find_matching_key(cert_path)
102 -- FIXME we shouldn't need to guess the key filename
103 if cert_path:sub(-4) == ".crt" then
104 return cert_path:sub(1, -4) .. "key";
105 elseif cert_path:sub(-14) == "/fullchain.pem" then
106 return cert_path:sub(1, -14) .. "privkey.pem";
107 end
99 end 108 end
100 109
101 local function index_certs(dir, files_by_name, depth_limit) 110 local function index_certs(dir, files_by_name, depth_limit)
102 files_by_name = files_by_name or {}; 111 files_by_name = files_by_name or {};
103 depth_limit = depth_limit or 3; 112 depth_limit = depth_limit or 3;
154 local certs = cert_index[host]; 163 local certs = cert_index[host];
155 if certs then 164 if certs then
156 local cert_filename, services = next(certs); 165 local cert_filename, services = next(certs);
157 if services["*"] then 166 if services["*"] then
158 log("debug", "Using cert %q from index", cert_filename); 167 log("debug", "Using cert %q from index", cert_filename);
159 return find_cert(cert_filename, host); 168 return {
169 certificate = cert_filename,
170 key = find_matching_key(cert_filename),
171 }
160 end 172 end
161 end 173 end
162 174
163 return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$")); 175 return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
164 end 176 end
169 end 181 end
170 for _, certs in pairs(cert_index) do 182 for _, certs in pairs(cert_index) do
171 for cert_filename, services in pairs(certs) do 183 for cert_filename, services in pairs(certs) do
172 if services[service] or services["*"] then 184 if services[service] or services["*"] then
173 log("debug", "Using cert %q from index", cert_filename); 185 log("debug", "Using cert %q from index", cert_filename);
174 return find_cert(cert_filename, service); 186 return {
187 certificate = cert_filename,
188 key = find_matching_key(cert_filename),
189 }
175 end 190 end
176 end 191 end
177 end 192 end
178 local cert_config = configmanager.get("*", service.."_certificate"); 193 local cert_config = configmanager.get("*", service.."_certificate");
179 if type(cert_config) == "table" then 194 if type(cert_config) == "table" then