mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 21:57:45 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

core.certmanager: Ensure key exists for fullchain

Browse source 
Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.

Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.
This commit is contained in:
Kim Alvefur 2022-02-21 08:54:39 +01:00
parent 0e6391e736
commit dd1e42f499
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
core/certmanager.lua
View file

@ -130,7 +130,7 @@ local function index_certs(dir, files_by_name, depth_limit)
if f then if f then
-- TODO look for chained certificates -- TODO look for chained certificates
local firstline = f:read(); local firstline = f:read();
if firstline == "-----BEGIN CERTIFICATE-----" then if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
f:seek("set") f:seek("set")
local cert = ssl.loadcertificate(f:read("*a")) local cert = ssl.loadcertificate(f:read("*a"))
-- TODO if more than one cert is found for a name, the most recently -- TODO if more than one cert is found for a name, the most recently