aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2020-04-10 16:11:09 +0200
committerKim Alvefur <zash@zash.se>2020-04-10 16:11:09 +0200
commit96620cafe5f8aa651c449ab930703a7032c990b5 (patch)
tree644d61577f926ea30cebf73bced6363c44062b0d /core
parent710339a8384dac99e332d05fcadbd87a4f2197b8 (diff)
downloadprosody-96620cafe5f8aa651c449ab930703a7032c990b5.tar.gz
prosody-96620cafe5f8aa651c449ab930703a7032c990b5.zip
core.certmanager: Look for privkey.pem to go with fullchain.pem (fix #1526)
This makes `prosodyctl cert import example.com /path/to/example.com/fullchain.pem` work. This was never intended to, yet users commonly tried this and got problems.
Diffstat (limited to 'core')
-rw-r--r--core/certmanager.lua14
1 files changed, 8 insertions, 6 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 5282a6f5..40021db6 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -73,13 +73,15 @@ local function find_cert(user_certs, name)
local key_path = certs .. key_try[i]:format(name);
if stat(crt_path, "mode") == "file" then
- if key_path:sub(-4) == ".crt" then
- key_path = key_path:sub(1, -4) .. "key";
- if stat(key_path, "mode") == "file" then
- log("debug", "Selecting certificate %s with key %s for %s", crt_path, key_path, name);
- return { certificate = crt_path, key = key_path };
+ if crt_path == key_path then
+ if key_path:sub(-4) == ".crt" then
+ key_path = key_path:sub(1, -4) .. "key";
+ elseif key_path:sub(-13) == "fullchain.pem" then
+ key_path = key_path:sub(1, -14) .. "privkey.pem";
end
- elseif stat(key_path, "mode") == "file" then
+ end
+
+ if stat(key_path, "mode") == "file" then
log("debug", "Selecting certificate %s with key %s for %s", crt_path, key_path, name);
return { certificate = crt_path, key = key_path };
end