author | Kim Alvefur <zash@zash.se> | 2017-04-19 20:39:47 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-04-19 20:39:47 +0200 |
commit | 256ab5259da1de5e24691493c0f6a26595e17208 (patch) | |
tree | 9adb557fa527ab4650cf6943c202743f0434b9cf | |
parent | 28473a6452348dcab6aa9c81dcdce1a6f3288af1 (diff) | |
prosodyctl cert: If running as root, write certificate files to config directory (fixes #530)
-rwxr-xr-x | prosodyctl | 15 |
1 files changed, 11 insertions, 4 deletions
@@ -697,9 +697,16 @@ local function use_existing(filename) end end +local cert_basedir = CFG_DATADIR or "./certs"; +if have_pposix and pposix.getuid() == 0 then + -- FIXME should be enough to check if this directory is writable + local cert_dir = config.get("*", "certificates") or "certs"; + cert_basedir = config.resolve_relative_path(config.paths.certs, cert_dir); +end + function cert_commands.config(arg) if #arg >= 1 and arg[1] ~= "--help" then - local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf"; + local conf_filename = cert_basedir .. "/" .. arg[1] .. ".cnf"; if use_existing(conf_filename) then return nil, conf_filename; end @@ -760,7 +767,7 @@ end function cert_commands.key(arg) if #arg >= 1 and arg[1] ~= "--help" then - local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key"; + local key_filename = cert_basedir .. "/" .. arg[1] .. ".key"; if use_existing(key_filename) then return nil, key_filename; end @@ -782,7 +789,7 @@ end function cert_commands.request(arg) if #arg >= 1 and arg[1] ~= "--help" then - local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req"; + local req_filename = cert_basedir .. "/" .. arg[1] .. ".req"; if use_existing(req_filename) then return nil, req_filename; end @@ -800,7 +807,7 @@ end function cert_commands.generate(arg) if #arg >= 1 and arg[1] ~= "--help" then - local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt"; + local cert_filename = cert_basedir .. "/" .. arg[1] .. ".crt"; if use_existing(cert_filename) then return nil, cert_filename; end |
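Review bot: `arg[1]` is still concatenated unchecked into the output path (`cert_basedir .. "/" .. arg[1] .. ".cnf"` in the first hunk, and the `.key`, `.req` and `.crt` lines in the other three). After this change a root invocation builds that path under the configured certificates directory. A name containing `/` or `..` would resolve outside `cert_basedir`, so each command should reject it before building the filename, with a guard such as `if arg[1]:find("/", 1, true) or arg[1]:find("..", 1, true) then`. How the failure is reported should follow the rest of each function, whose bodies continue outside these hunks. Separately, the new top-level block only tests `pposix.getuid() == 0` and never checks that the resolved directory exists or who can read it; since the private key now lands there, confirm that the key-writing code (not visible here) creates it with owner-only permissions that the daemon's user can still use.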