aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2022-02-14 18:29:31 +0100
committerKim Alvefur <zash@zash.se>2022-02-14 18:29:31 +0100
commit26b898bc5222f1f42bfcc2658ccf76341e81da6e (patch)
tree8ba7a279c1430364e42c8e1f6b53e5525639e82a
parentf9660a95098f2247987ef542a7e4ce14f802cf14 (diff)
downloadprosody-26b898bc5222f1f42bfcc2658ccf76341e81da6e.tar.gz
prosody-26b898bc5222f1f42bfcc2658ccf76341e81da6e.zip
core.certmanager: Relax certificate filename check #1713
After a survey of ACME clients it seems *.crt and *fullchain* should work for the majority. The rest get to manually copy their files.
-rw-r--r--core/certmanager.lua10
1 files changed, 2 insertions, 8 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index a3b37bb4..684b240c 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -102,12 +102,7 @@ local function find_cert(user_certs, name)
end
local function find_matching_key(cert_path)
- -- FIXME we shouldn't need to guess the key filename
- if cert_path:sub(-4) == ".crt" then
- return cert_path:sub(1, -4) .. "key";
- elseif cert_path:sub(-14) == "/fullchain.pem" then
- return cert_path:sub(1, -14) .. "privkey.pem";
- end
+ return (cert_path:gsub("%.crt$", ".key"):gsub("fullchain", "privkey"));
end
local function index_certs(dir, files_by_name, depth_limit)
@@ -130,8 +125,7 @@ local function index_certs(dir, files_by_name, depth_limit)
if file:sub(1,1) ~= "." then
index_certs(full, files_by_name, depth_limit-1);
end
- -- TODO support more filename patterns?
- elseif full:match("%.crt$") or full:match("/fullchain%.pem$") then
+ elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files
local f = io_open(full);
if f then
-- TODO look for chained certificates