Changeset
12216:0f5d04c3092f
util.prosodyctl.cert: Look for certificates in a consistent order
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 26 Jan 2022 13:24:23 +0100 |
parents | 12215:33a93d0a9a45 |
children | 12217:39043233de04 |
files | util/prosodyctl/cert.lua |
diffstat | 1 files changed, 9 insertions(+), 0 deletions(-) [+] |
--- a/util/prosodyctl/cert.lua Mon Jan 24 23:06:45 2022 +0100
+++ b/util/prosodyctl/cert.lua Wed Jan 26 13:24:23 2022 +0100
@@ -221,6 +221,15 @@
 cm.index_certs(dir, files_by_name);
 end
 local imported = {};
+ table.sort(hostnames, function (a, b)
+ -- Try to find base domain name before sub-domains, then alphabetically, so
+ -- that the order and choice of file name is deterministic.
+ if #a == #b then
+ return a < b;
+ else
+ return #a < #b;
+ end
+ end);
 for _, host in ipairs(hostnames) do
 local paths = cm.find_cert_in_index(files_by_name, host);
 if paths and imported[paths.certificate] then
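Review bot: The comment inside the `table.sort` comparator says the order becomes deterministic but not why that matters, and "base domain before sub-domains" is only approximated by string length, so a short unrelated host still sorts ahead of a longer base domain. I would extend it with something like `-- Length is only a heuristic for "base domain"; a stable choice keeps one file name per certificate so a stale copy is not picked up.` The sort also reorders `hostnames` in place; where that table is built is outside the hunk, so it is worth confirming that nothing relies on its original order (for example an order given by the operator). Files already written under other names by earlier runs are presumably left in the certs directory, so the stale-certificate risk named in the commit message may persist until they are removed.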