core/certmanager.lua @ 11537:a09685a7b330
core.certmanager: Resolve certs path relative to config dir
Otherwise the default "certs" would be relative to $PWD, which works
when testing from a source checkout, but not on installed systems where
it usually points to the data directory.
Also, the LuaFileSystem dir() iterator throws a hard error, which may
cause a crash or other problems.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 07 May 2021 16:35:37 +0200 |
parent | 11534:1cef62ca3e03 |
child | 11538:30feeb4d9d0b |
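--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -156,11 +156,11 @@
 local cert_index;
 
 local function find_host_cert(host)
 if not host then return nil; end
 if not cert_index then
-cert_index = index_certs(global_certificates);
+cert_index = index_certs(resolve_path(config_path, global_certificates));
 end
 local certs = cert_index[host];
 if certs then
 local cert_filename, services = next(certs);
 if services["*"] then
@@ -175,11 +175,11 @@
 return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
 end
 
 local function find_service_cert(service, port)
 if not cert_index then
-cert_index = index_certs(global_certificates);
+cert_index = index_certs(resolve_path(config_path, global_certificates));
 end
 for _, certs in pairs(cert_index) do
 for cert_filename, services in pairs(certs) do
 if services[service] or services["*"] then
 log("debug", "Using cert %q from index", cert_filename);
@@ -344,11 +344,11 @@
 global_ssl_config = configmanager.get("*", "ssl");
 global_certificates = configmanager.get("*", "certificates") or "certs";
 if luasec_has.options.no_compression then
 core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 end
-cert_index = index_certs(global_certificates);
+cert_index = index_certs(resolve_path(config_path, global_certificates));
 end
 
 prosody.events.add_handler("config-reloaded", reload_ssl_config);
 
 return {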
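Review bot: The three call sites at lines 161, 180 and 349 still call `index_certs` unprotected, so the hard `dir()` error named in the commit description is only made less likely by the corrected path, not handled. Unless `index_certs` (defined outside the visible lines) guards it, a missing or unreadable certificates directory would still raise inside certificate lookup and inside the `config-reloaded` handler. Consider `local ok, index = pcall(index_certs, resolve_path(config_path, global_certificates));` followed by `cert_index = ok and index or {};`. On failure, log the resolved directory, so an operator can see which location was searched for certificates and keys. The enclosing functions start and end outside these hunks, so this should be checked against the full file.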