Software /
code /
prosody
Comparison
core/certmanager.lua @ 12104:29765ac7f72f
prosodyctl cert: use the indexing functions for better UX
These provide (a) a way to deal with random assortments of certs
and (b) avoid unnecessary error messages and warnings, according
to #1669 anyway, which this fixes.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Tue, 21 Dec 2021 21:20:21 +0100 (2021-12-21) |
parent | 12099:b344edad61d3 |
child | 12105:47c9a76cce7d |
comparison
equal
deleted
inserted
replaced
12103:fc297128c33a | 12104:29765ac7f72f |
---|---|
165 return files_by_name; | 165 return files_by_name; |
166 end | 166 end |
167 | 167 |
168 local cert_index; | 168 local cert_index; |
169 | 169 |
170 local function find_host_cert(host) | 170 local function find_cert_in_index(index, host) |
171 if not host then return nil; end | 171 if not host then return nil; end |
172 if not cert_index then | 172 if not index then return nil; end |
173 cert_index = index_certs(resolve_path(config_path, global_certificates)); | 173 local certs = index[host]; |
174 end | |
175 local certs = cert_index[host]; | |
176 if certs then | 174 if certs then |
177 local cert_filename, services = next(certs); | 175 local cert_filename, services = next(certs); |
178 if services["*"] then | 176 if services["*"] then |
179 log("debug", "Using cert %q from index", cert_filename); | 177 log("debug", "Using cert %q from index", cert_filename); |
180 return { | 178 return { |
181 certificate = cert_filename, | 179 certificate = cert_filename, |
182 key = find_matching_key(cert_filename), | 180 key = find_matching_key(cert_filename), |
183 } | 181 } |
184 end | 182 end |
185 end | 183 end |
186 | 184 return nil |
187 return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$")); | 185 end |
186 | |
187 local function find_host_cert(host) | |
188 if not host then return nil; end | |
189 if not cert_index then | |
190 cert_index = index_certs(resolve_path(config_path, global_certificates)); | |
191 end | |
192 | |
193 return find_cert_in_index(cert_index, host) or find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$")); | |
188 end | 194 end |
189 | 195 |
190 local function find_service_cert(service, port) | 196 local function find_service_cert(service, port) |
191 if not cert_index then | 197 if not cert_index then |
192 cert_index = index_certs(resolve_path(config_path, global_certificates)); | 198 cert_index = index_certs(resolve_path(config_path, global_certificates)); |
437 | 443 |
438 return { | 444 return { |
439 create_context = create_context; | 445 create_context = create_context; |
440 reload_ssl_config = reload_ssl_config; | 446 reload_ssl_config = reload_ssl_config; |
441 find_cert = find_cert; | 447 find_cert = find_cert; |
448 index_certs = index_certs; | |
442 find_host_cert = find_host_cert; | 449 find_host_cert = find_host_cert; |
450 find_cert_in_index = find_cert_in_index; | |
443 }; | 451 }; |