Comparison
core/certmanager.lua @ 12305:f8b8061461e3
core.certmanager: Ensure key exists for fullchain
Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.
Dehydrated stores fullchain certs in e.g. fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However, the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 21 Feb 2022 08:54:39 +0100 |
parent | 12287:5cd075ed4fd3 |
child | 12362:0fd58f54d653 |
12304:8210c2a52e9c | 12305:f8b8061461e3 |
---|---|
128 elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files | 128 elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files |
129 local f = io_open(full); | 129 local f = io_open(full); |
130 if f then | 130 if f then |
131 -- TODO look for chained certificates | 131 -- TODO look for chained certificates |
132 local firstline = f:read(); | 132 local firstline = f:read(); |
133 if firstline == "-----BEGIN CERTIFICATE-----" then | 133 if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then |
134 f:seek("set") | 134 f:seek("set") |
135 local cert = ssl.loadcertificate(f:read("*a")) | 135 local cert = ssl.loadcertificate(f:read("*a")) |
136 -- TODO if more than one cert is found for a name, the most recently | 136 -- TODO if more than one cert is found for a name, the most recently |
137 -- issued one should be used. | 137 -- issued one should be used. |
138 -- for now, just filter out expired certs | 138 -- for now, just filter out expired certs |
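Review bot: On line 133 the new key check is joined to the first-line test with `and`, so a fullchain file whose key is missing takes the same path as a file that is not a PEM certificate, and nothing in the visible lines records why it was skipped. Consider testing the key in its own branch and logging the path returned by `find_matching_key(full)` at debug level, so an operator with a dehydrated-style directory can see which key file was expected. The test `lfs.attributes(..., "mode") == "file"` only shows that a regular file exists at that path, not that it is readable by Prosody or that it belongs to this certificate; a short comment saying so would keep it from being read as validation. If `find_matching_key` can ever return nil, `lfs.attributes` will raise on the non-string argument, so guard that case or document that it always returns a string.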