
core/certmanager.lua @ 12287:5cd075ed4fd3

core.certmanager: Relax certificate filename check #1713 After a survey of ACME clients it seems *.crt and *fullchain* should work for the majority. The rest get to manually copy their files.
author Kim Alvefur <zash@zash.se>
date Mon, 14 Feb 2022 18:29:31 +0100
parent 12197:95d25e620dc2
child 12305:f8b8061461e3
child 12331:49739369dcad
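--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -100,16 +100,11 @@
 end
 log("debug", "No certificate/key found for %s", name);
 end
 
 local function find_matching_key(cert_path)
--- FIXME we shouldn't need to guess the key filename
-if cert_path:sub(-4) == ".crt" then
-return cert_path:sub(1, -4) .. "key";
-elseif cert_path:sub(-14) == "/fullchain.pem" then
-return cert_path:sub(1, -14) .. "privkey.pem";
-end
+return (cert_path:gsub("%.crt$", ".key"):gsub("fullchain", "privkey"));
 end
 
 local function index_certs(dir, files_by_name, depth_limit)
 files_by_name = files_by_name or {};
 depth_limit = depth_limit or 3;
@@ -128,12 +123,11 @@
 local full = pathutil.join(dir, file);
 if lfs.attributes(full, "mode") == "directory" then
 if file:sub(1,1) ~= "." then
 index_certs(full, files_by_name, depth_limit-1);
 end
--- TODO support more filename patterns?
-elseif full:match("%.crt$") or full:match("/fullchain%.pem$") then
+elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files
 local f = io_open(full);
 if f then
 -- TODO look for chained certificates
 local firstline = f:read();
 if firstline == "-----BEGIN CERTIFICATE-----" then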
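Review bot: In `find_matching_key` the second substitution, `gsub("fullchain", "privkey")`, is unanchored and rewrites every occurrence in the whole path, directory components included, whereas the new test in `index_certs` looks only at the basename `file`. A certificate that sits under a directory whose name contains "fullchain" would therefore be paired with a key path in a different directory. A path matching neither pattern is now returned unchanged where the removed code returned nil, so any caller that relied on nil would receive the certificate file as the key path. Restricting the rewrite to the last path component, e.g. `cert_path:gsub("fullchain([^/]*)$", "privkey%1")`, and returning nil when neither substitution fired would keep the two hunks consistent. The looser `file:find("fullchain")` also indexes leftovers such as backup copies that still start with a certificate header; whether that matters depends on the rest of `index_certs`, which continues outside the visible lines.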