prosody
49bbdc22846d
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

core/certmanager.lua @ 13752:49bbdc22846d 13.0

certmanager: Add more debug logging around cert indexing Currently it's not obvious which directories have been indexed (especially when the resulting index is empty), or why certain files have been skipped.
author Matthew Wild <mwild1@gmail.com>
date Mon, 24 Feb 2025 17:48:58 +0000
parent 13703:99d2100d2918
comparison
equal deleted inserted replaced
13750:53c39fdb007f 13752:49bbdc22846d
89 if lfs.attributes(full, "mode") == "directory" then 89 if lfs.attributes(full, "mode") == "directory" then
90 if file:sub(1,1) ~= "." then 90 if file:sub(1,1) ~= "." then
91 index_certs(full, files_by_name, depth_limit-1); 91 index_certs(full, files_by_name, depth_limit-1);
92 end 92 end
93 elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files 93 elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files
94 local f = io_open(full); 94 local f, err = io_open(full);
95 if f then 95 if f then
96 -- TODO look for chained certificates 96 -- TODO look for chained certificates
97 local firstline = f:read(); 97 local firstline = f:read();
98 if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then 98 if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
99 f:seek("set") 99 f:seek("set")
111 files_by_name[name][full] = services; 111 files_by_name[name][full] = services;
112 else 112 else
113 files_by_name[name] = { [full] = services; }; 113 files_by_name[name] = { [full] = services; };
114 end 114 end
115 end 115 end
116 else
117 log("debug", "Skipping expired certificate: %s", full);
116 end 118 end
117 end 119 end
118 f:close(); 120 f:close();
119 end 121 elseif err then
120 end 122 log("debug", "Failed to open file for indexing: %s", full);
121 end 123 end
122 log("debug", "Certificate index: %q", files_by_name); 124 end
125 end
126 log("debug", "Certificate index in %s: %q", dir, files_by_name);
123 -- | hostname | filename | service | 127 -- | hostname | filename | service |
124 return files_by_name; 128 return files_by_name;
125 end 129 end
126 130
127 local cert_index; 131 local cert_index;