# HG changeset patch
# User Kim Alvefur
# Date 1643199863 -3600
# Node ID 0f5d04c3092f4367db1078d3e0a6c8eec72f2119
# Parent 33a93d0a9a4537756d3c3b0976ce3659ba7b6ab4
util.prosodyctl.cert: Look for certificates in a consistent order Shortest first, then alphabetically, so that it prefers the base domain over subdomains. Fixes that it might otherwise pick a random sub-domain for filename on each run, cluttering the certs directory and potentially tricking Prosody into using an older certificate that might be about to expire.
diff -r 33a93d0a9a45 -r 0f5d04c3092f util/prosodyctl/cert.lua
--- a/util/prosodyctl/cert.lua Mon Jan 24 23:06:45 2022 +0100
+++ b/util/prosodyctl/cert.lua Wed Jan 26 13:24:23 2022 +0100
@@ -221,6 +221,15 @@
 cm.index_certs(dir, files_by_name);
 end
 local imported = {};
+ table.sort(hostnames, function (a, b)
+ -- Try to find base domain name before sub-domains, then alphabetically, so
+ -- that the order and choice of file name is deterministic.
+ if #a == #b then
+ return a < b;
+ else
+ return #a < #b;
+ end
+ end);
 for _, host in ipairs(hostnames) do
 local paths = cm.find_cert_in_index(files_by_name, host);
 if paths and imported[paths.certificate] then
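Review bot: The tie-break `return a < b;` is only as deterministic as the process locale and the casing of the host names, because Lua compares strings through the C library's locale collation and treats `Example.com` and `example.com` as different keys. If the locale can differ between an interactive run and a cron or certbot-hook run, or if `hostnames` can hold un-normalized names (neither is visible in this hunk), the chosen file name could still vary and leave a stale certificate in place. I would record the assumption next to the comparator, e.g. `-- NOTE: relies on hostnames being normalized (lower-case) and on a fixed collation locale`. Since `table.sort` reorders `hostnames` in place, it is also worth confirming that no code after the loop depends on the original order; the enclosing function starts and ends outside the hunk.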