Comparison

core/certmanager.lua @ 12104:29765ac7f72f

prosodyctl cert: use the indexing functions for better UX These provide (a) a way to deal with random assortments of certs and (b) avoid unnecessary error messages and warnings, according to #1669 anyway, which this fixes.
author Jonas Schäfer <jonas@wielicki.name>
date Tue, 21 Dec 2021 21:20:21 +0100 (2021-12-21)
parent 12099:b344edad61d3
child 12105:47c9a76cce7d
comparison
equal deleted inserted replaced
12103:fc297128c33a 12104:29765ac7f72f
165 return files_by_name; 165 return files_by_name;
166 end 166 end
167 167
168 local cert_index; 168 local cert_index;
169 169
170 local function find_host_cert(host) 170 local function find_cert_in_index(index, host)
171 if not host then return nil; end 171 if not host then return nil; end
172 if not cert_index then 172 if not index then return nil; end
173 cert_index = index_certs(resolve_path(config_path, global_certificates)); 173 local certs = index[host];
174 end
175 local certs = cert_index[host];
176 if certs then 174 if certs then
177 local cert_filename, services = next(certs); 175 local cert_filename, services = next(certs);
178 if services["*"] then 176 if services["*"] then
179 log("debug", "Using cert %q from index", cert_filename); 177 log("debug", "Using cert %q from index", cert_filename);
180 return { 178 return {
181 certificate = cert_filename, 179 certificate = cert_filename,
182 key = find_matching_key(cert_filename), 180 key = find_matching_key(cert_filename),
183 } 181 }
184 end 182 end
185 end 183 end
186 184 return nil
187 return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$")); 185 end
186
187 local function find_host_cert(host)
188 if not host then return nil; end
189 if not cert_index then
190 cert_index = index_certs(resolve_path(config_path, global_certificates));
191 end
192
193 return find_cert_in_index(cert_index, host) or find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
188 end 194 end
189 195
190 local function find_service_cert(service, port) 196 local function find_service_cert(service, port)
191 if not cert_index then 197 if not cert_index then
192 cert_index = index_certs(resolve_path(config_path, global_certificates)); 198 cert_index = index_certs(resolve_path(config_path, global_certificates));
437 443
438 return { 444 return {
439 create_context = create_context; 445 create_context = create_context;
440 reload_ssl_config = reload_ssl_config; 446 reload_ssl_config = reload_ssl_config;
441 find_cert = find_cert; 447 find_cert = find_cert;
448 index_certs = index_certs;
442 find_host_cert = find_host_cert; 449 find_host_cert = find_host_cert;
450 find_cert_in_index = find_cert_in_index;
443 }; 451 };