mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 05:37:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

core.certmanager: Relax certificate filename check #1713

Browse source 
After a survey of ACME clients it seems *.crt and *fullchain* should
work for the majority. The rest get to manually copy their files.
This commit is contained in:
Kim Alvefur 2022-02-14 18:29:31 +01:00
parent f9660a9509
commit 26b898bc52
1 changed files with 2 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
core/certmanager.lua
View file

@ -102,12 +102,7 @@ local function find_cert(user_certs, name)
end
local function find_matching_key(cert_path)
-- FIXME we shouldn't need to guess the key filename
if cert_path:sub(-4) == ".crt" then
return cert_path:sub(1, -4) .. "key";
elseif cert_path:sub(-14) == "/fullchain.pem" then
return cert_path:sub(1, -14) .. "privkey.pem";
end
return (cert_path:gsub("%.crt$", ".key"):gsub("fullchain", "privkey"));
end
local function index_certs(dir, files_by_name, depth_limit)
@ -130,8 +125,7 @@ local function index_certs(dir, files_by_name, depth_limit)
if file:sub(1,1) ~= "." then
index_certs(full, files_by_name, depth_limit-1);
end
-- TODO support more filename patterns?
elseif full:match("%.crt$") or full:match("/fullchain%.pem$") then
elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files
local f = io_open(full);
if f then
-- TODO look for chained certificates