diff options
author | Kim Alvefur <zash@zash.se> | 2022-02-21 08:54:39 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2022-02-21 08:54:39 +0100 |
commit | dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b (patch) | |
tree | 8d0de2bbfaaea6fb58488908a1c4a786fb5dcee1 | |
parent | 0e6391e7367f2cdbb7bdcfe87a105c761a35e456 (diff) | |
download | prosody-dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b.tar.gz prosody-dd1e42f4992b66b16d0efcecdae7b0f1ec960b9b.zip |
core.certmanager: Ensure key exists for fullchain
Since 5cd075ed4fd3 any file matching "fullchain" would be considered for
use.
Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a
symlink fullchain.pem pointing at the latest one. However the current
rule for finding a corresponding private key would try
privkey-1641171024.pem in the same directory, which may not exist.
-rw-r--r-- | core/certmanager.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 684b240c..b1380ae8 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -130,7 +130,7 @@ local function index_certs(dir, files_by_name, depth_limit) if f then -- TODO look for chained certificates local firstline = f:read(); - if firstline == "-----BEGIN CERTIFICATE-----" then + if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then f:seek("set") local cert = ssl.loadcertificate(f:read("*a")) -- TODO if more than one cert is found for a name, the most recently |