authorJonas Schäfer <jonas@wielicki.name>2021-12-21 21:20:21 +0100
committerJonas Schäfer <jonas@wielicki.name>2021-12-21 21:20:21 +0100
commit7c93370ad564fc9176b97cf981ed7e10e05d8890 (patch)
treeb63c715519099134c75900e0d7b1f9d7b04070d8
parenta7f535e0cf44a188207ad49b88831f449812c8bf (diff)
downloadprosody-7c93370ad564fc9176b97cf981ed7e10e05d8890.tar.gz
prosody-7c93370ad564fc9176b97cf981ed7e10e05d8890.zip
prosodyctl cert: use the indexing functions for better UX
These (a) provide a way to deal with random assortments of certs and (b) avoid unnecessary error messages and warnings, according to #1669 anyway, which this fixes.
-rw-r--r--core/certmanager.lua20
-rw-r--r--util/prosodyctl/cert.lua28
2 files changed, 29 insertions, 19 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index e2324db5..017271d9 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -167,12 +167,10 @@ end
local cert_index;
-local function find_host_cert(host)
+local function find_cert_in_index(index, host)
if not host then return nil; end
- if not cert_index then
- cert_index = index_certs(resolve_path(config_path, global_certificates));
- end
- local certs = cert_index[host];
+ if not index then return nil; end
+ local certs = index[host];
if certs then
local cert_filename, services = next(certs);
if services["*"] then
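Review bot: `find_cert_in_index` examines only the one entry that `next(certs)` returns, and `next` has no defined order, so when an index holds several certificate files for a host the choice is arbitrary, and the lookup can fail even though another entry carries the `"*"` service. This matters more now that the index is caller-supplied: the import hunk in util/prosodyctl/cert.lua appears to merge every directory from the command line into one table and then copies whichever certificate and private key this lookup picks. Looping with `for cert_filename, services in pairs(certs) do` and returning on the first entry with `services["*"]`, ideally after sorting the filenames, would make the result predictable. Since the commit also exports the function, a short comment on the expected index shape (host → certificate filename → services, inferred from the lookups here) would help. The function body continues past the end of this hunk.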
@@ -183,8 +181,16 @@ local function find_host_cert(host)
}
end
end
+ return nil
+end
+
+local function find_host_cert(host)
+ if not host then return nil; end
+ if not cert_index then
+ cert_index = index_certs(resolve_path(config_path, global_certificates));
+ end
- return find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
+ return find_cert_in_index(cert_index, host) or find_cert(configmanager.get(host, "certificate"), host) or find_host_cert(host:match("%.(.+)$"));
end
local function find_service_cert(service, port)
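Review bot: The new return line in `find_host_cert` chains three lookups with no comment on their precedence: the cached index for the exact host, then the host's configured `certificate` path, then a recursive retry on the parent domain via `host:match("%.(.+)$")`. Because this order decides which key material is served for a host, I would add a comment above it, for example `-- Order: indexed cert for host, then configured "certificate" path, then parent domain`. The `if not host` guard at the top is what ends the recursion once no dot is left, which is also worth a few words in that comment. Whether a certificate found under a parent domain actually covers the subdomain is not checked in the visible lines and presumably depends on how `index_certs` records names.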
@@ -439,5 +445,7 @@ return {
create_context = create_context;
reload_ssl_config = reload_ssl_config;
find_cert = find_cert;
+ index_certs = index_certs;
find_host_cert = find_host_cert;
+ find_cert_in_index = find_cert_in_index;
};
diff --git a/util/prosodyctl/cert.lua b/util/prosodyctl/cert.lua
index 2b96ac5c..d37bb82c 100644
--- a/util/prosodyctl/cert.lua
+++ b/util/prosodyctl/cert.lua
@@ -216,22 +216,24 @@ function cert_commands.import(arg)
group = configmanager.get("*", "prosody_group") or owner;
end
local cm = require "core.certmanager";
+ local files_by_name = {}
+ for _, dir in ipairs(arg) do
+ cm.index_certs(dir, files_by_name);
+ end
local imported = {};
for _, host in ipairs(hostnames) do
- for _, dir in ipairs(arg) do
- local paths = cm.find_cert(dir, host);
- if paths then
- copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
- copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
- table.insert(imported, host);
- else
- -- TODO Say where we looked
- pctl.show_warning("No certificate for host "..host.." found :(");
- end
- -- TODO Additional checks
- -- Certificate names matches the hostname
- -- Private key matches public key in certificate
+ local paths = cm.find_cert_in_index(files_by_name, host);
+ if paths then
+ copy(paths.certificate, cert_basedir .. "/" .. host .. ".crt", nil, owner, group);
+ copy(paths.key, cert_basedir .. "/" .. host .. ".key", "0377", owner, group);
+ table.insert(imported, host);
+ else
+ -- TODO Say where we looked
+ pctl.show_warning("No certificate for host "..host.." found :(");
end
+ -- TODO Additional checks
+ -- Certificate names matches the hostname
+ -- Private key matches public key in certificate
end
if imported[1] then
pctl.show_message("Imported certificate and key for hosts %s", table.concat(imported, ", "));
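Review bot: In the rewritten import loop the results of both `copy` calls are ignored and `table.insert(imported, host)` runs unconditionally. If the certificate copy succeeds and the key copy fails, the host is still reported as imported while `cert_basedir` holds a certificate with a missing or stale key. `copy` is defined outside this hunk; if it signals failure through its return value, guard the insert, e.g. `if copy(paths.certificate, ...) and copy(paths.key, ...) then table.insert(imported, host); end`, and emit a warning otherwise. The "Say where we looked" TODO could now be resolved cheaply by appending `table.concat(arg, ", ")` to the warning, since the directories are indexed once up front. `cert_commands.import` starts before this hunk and continues after it.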