core/certmanager.lua @ 11534:1cef62ca3e03
core.certmanager: Skip directly to guessing of key from cert filename
Cuts down on a ton of debug logs
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 05 May 2021 15:56:39 +0200 |
parent | 11533:f97592336399 |
child | 11537:a09685a7b330 |
11533:f97592336399 | 11534:1cef62ca3e03 |
---|---|
94 return { certificate = crt_path, key = key_path }; | 94 return { certificate = crt_path, key = key_path }; |
95 end | 95 end |
96 end | 96 end |
97 end | 97 end |
98 log("debug", "No certificate/key found for %s", name); | 98 log("debug", "No certificate/key found for %s", name); |
99 end | |
100 | |
101 local function find_matching_key(cert_path) | |
102 -- FIXME we shouldn't need to guess the key filename | |
103 if cert_path:sub(-4) == ".crt" then | |
104 return cert_path:sub(1, -4) .. "key"; | |
105 elseif cert_path:sub(-14) == "/fullchain.pem" then | |
106 return cert_path:sub(1, -14) .. "privkey.pem"; | |
107 end | |
99 end | 108 end |
100 | 109 |
101 local function index_certs(dir, files_by_name, depth_limit) | 110 local function index_certs(dir, files_by_name, depth_limit) |
102 files_by_name = files_by_name or {}; | 111 files_by_name = files_by_name or {}; |
103 depth_limit = depth_limit or 3; | 112 depth_limit = depth_limit or 3; |
154 local certs = cert_index[host]; | 163 local certs = cert_index[host]; |
155 if certs then | 164 if certs then |
156 local cert_filename, services = next(certs); | 165 local cert_filename, services = next(certs); |
157 if services["*"] then | 166 if services["*"] then |
158 log("debug", "Using cert %q from index", cert_filename); | 167 log("debug", "Using cert %q from index", cert_filename); |
159 return find_cert(cert_filename, host); | 168 return { |
169 certificate = cert_filename, | |
170 key = find_matching_key(cert_filename), | |
171 } | |
160 end | 172 end |
161 end | 173 end |
162 | 174 |
163 return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$")); | 175 return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$")); |
164 end | 176 end |
169 end | 181 end |
170 for _, certs in pairs(cert_index) do | 182 for _, certs in pairs(cert_index) do |
171 for cert_filename, services in pairs(certs) do | 183 for cert_filename, services in pairs(certs) do |
172 if services[service] or services["*"] then | 184 if services[service] or services["*"] then |
173 log("debug", "Using cert %q from index", cert_filename); | 185 log("debug", "Using cert %q from index", cert_filename); |
174 return find_cert(cert_filename, service); | 186 return { |
187 certificate = cert_filename, | |
188 key = find_matching_key(cert_filename), | |
189 } | |
175 end | 190 end |
176 end | 191 end |
177 end | 192 end |
178 local cert_config = configmanager.get("*", service.."_certificate"); | 193 local cert_config = configmanager.get("*", service.."_certificate"); |
179 if type(cert_config) == "table" then | 194 if type(cert_config) == "table" then |
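Review bot: The new returns at new lines 168-171 and 186-189 hand back a table whose `key` is never checked: `find_matching_key` falls through and returns nil when the path ends in neither `.crt` nor `/fullchain.pem`, and the guessed path is not tested for existence or readability. Because the table itself is truthy, the fallback on new line 175 (`find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(...)`) is skipped, so a missing or mis-named private key would presumably surface only later, when the TLS context is built, instead of as the "No certificate/key found" debug line. I would guard both sites with `local key_path = find_matching_key(cert_filename);` followed by `if key_path then return { certificate = cert_filename, key = key_path }; end`, and add a comment on `find_matching_key` such as `-- returns nil when the filename matches neither naming scheme`. Whether the index can hold other filenames depends on `index_certs`, whose body is outside this view, and both lookup functions start or end outside the shown lines.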