author | Kim Alvefur <zash@zash.se> | 2022-01-26 13:24:23 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2022-01-26 13:24:23 +0100 |
commit | 04910e15b6a4a3283c61d6eaf8a90147c9570f7c (patch) | |
tree | 7a93ec9b0f93401a05aecd1f66fbd9e2f9d8c227 | |
parent | b0e565598a7e6a8934e2440c3ec7692600f89ab8 (diff) | |
util.prosodyctl.cert: Look for certificates in a consistent order
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
-rw-r--r-- | util/prosodyctl/cert.lua | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/util/prosodyctl/cert.lua b/util/prosodyctl/cert.lua
index 236fc99e..a60a9647 100644
--- a/util/prosodyctl/cert.lua
+++ b/util/prosodyctl/cert.lua
@@ -221,6 +221,15 @@ function cert_commands.import(arg)
 cm.index_certs(dir, files_by_name);
 end
 local imported = {};
+ table.sort(hostnames, function (a, b)
+ -- Try to find base domain name before sub-domains, then alphabetically, so
+ -- that the order and choice of file name is deterministic.
+ if #a == #b then
+ return a < b;
+ else
+ return #a < #b;
+ end
+ end);
 for _, host in ipairs(hostnames) do
 local paths = cm.find_cert_in_index(files_by_name, host);
 if paths and imported[paths.certificate] then |
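Review bot: The comparator in the added `table.sort` call orders by byte length (`#a < #b`), which puts a base domain ahead of its own sub-domains but also ahead of any longer unrelated host, so the comment's "base domain name before sub-domains" holds only within one domain; I would word it as `-- Shorter names first (a domain is always shorter than its own sub-domains), ties broken by string comparison, so the chosen file name is stable between runs.` The sort is in place, so if `hostnames` is shared with other code (its origin is outside this hunk, as are the start and end of `cert_commands.import`) the reordering is visible there too. The change makes future runs deterministic but does not appear to touch files already written under sub-domain names, so operators may still need to check the certs directory for stale copies that Prosody could pick up.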