prosodyctl cert: If running as root, write certificate files to config directory (fixes #530)

prosodyctl

@@ -697,9 +697,16 @@ local function use_existing(filename)
 	end
 end
 
+local cert_basedir = CFG_DATADIR or "./certs";
+if have_pposix and pposix.getuid() == 0 then
+	-- FIXME should be enough to check if this directory is writable
+	local cert_dir = config.get("*", "certificates") or "certs";
+	cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir);
+end
+
 function cert_commands.config(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
+		local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf";
 		if use_existing(conf_filename) then
 			return nil, conf_filename;
 		end
@@ -760,7 +767,7 @@ end
 
 function cert_commands.key(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
+		local key_filename = cert_basedir .. "/" .. arg[1] .. ".key";
 		if use_existing(key_filename) then
 			return nil, key_filename;
 		end
@@ -782,7 +789,7 @@ end
 
 function cert_commands.request(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
+		local req_filename = cert_basedir .. "/" .. arg[1] .. ".req";
 		if use_existing(req_filename) then
 			return nil, req_filename;
 		end
@@ -800,7 +807,7 @@ end
 
 function cert_commands.generate(arg)
 	if #arg >= 1 and arg[1] ~= "--help" then
-		local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
+		local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt";
 		if use_existing(cert_filename) then
 			return nil, cert_filename;
 		end