authorKim Alvefur <zash@zash.se>2022-02-21 08:54:39 +0100
committerKim Alvefur <zash@zash.se>2022-02-21 08:54:39 +0100
commitdd1e42f4992b66b16d0efcecdae7b0f1ec960b9b (patch)
tree8d0de2bbfaaea6fb58488908a1c4a786fb5dcee1
parent0e6391e7367f2cdbb7bdcfe87a105c761a35e456 (diff)
core.certmanager: Ensure key exists for fullchain
Since 5cd075ed4fd3, any file matching "fullchain" would be considered for use. Dehydrated stores fullchain certs in e.g. fullchain-1641171024.pem, with a symlink fullchain.pem pointing at the latest one. However, the current rule for finding a corresponding private key would try privkey-1641171024.pem in the same directory, which may not exist.
-rw-r--r--core/certmanager.lua2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 684b240c..b1380ae8 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -130,7 +130,7 @@ local function index_certs(dir, files_by_name, depth_limit)
if f then
-- TODO look for chained certificates
local firstline = f:read();
- if firstline == "-----BEGIN CERTIFICATE-----" then
+ if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
f:seek("set")
local cert = ssl.loadcertificate(f:read("*a"))
-- TODO if more than one cert is found for a name, the most recently
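Review bot: The added condition drops a certificate silently when no key file is found, so an operator gets no hint why a fullchain file was ignored, and the server may fall back to an older certificate unnoticed. An `else` branch with a debug line such as `log("debug", "Skipping %s: no matching private key", full)` would make this diagnosable, assuming a logger is in scope in this module. The check only establishes that the path is a regular file at index time; it does not show that the key is readable by the server process or that it belongs to this certificate, so a comment saying so (`-- existence check only; key/cert match is verified at load time`, if that is indeed where it happens) would stop readers from over-trusting it. If `find_matching_key` can ever return nil, `lfs.attributes` would raise rather than return nil, which is worth confirming. The body of `index_certs` starts and ends outside this hunk.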