mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

util.prosodyctl.cert: Look for certificates in a consistent order

Browse source 
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.

Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
This commit is contained in:
Kim Alvefur 2022-01-26 13:24:23 +01:00
parent b0e565598a
commit 04910e15b6
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
util/prosodyctl/cert.lua
View file

@ -221,6 +221,15 @@ function cert_commands.import(arg)
cm.index_certs(dir, files_by_name);
end
local imported = {};
table.sort(hostnames, function (a, b)
-- Try to find base domain name before sub-domains, then alphabetically, so
-- that the order and choice of file name is deterministic.
if #a == #b then
return a < b;
else
return #a < #b;
end
end);
for _, host in ipairs(hostnames) do
local paths = cm.find_cert_in_index(files_by_name, host);
if paths and imported[paths.certificate] then