diff options
| author | Kim Alvefur <zash@zash.se> | 2022-02-14 18:29:31 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2022-02-14 18:29:31 +0100 |
| commit | 26b898bc5222f1f42bfcc2658ccf76341e81da6e (patch) | |
| tree | 8ba7a279c1430364e42c8e1f6b53e5525639e82a /core | |
| parent | f9660a95098f2247987ef542a7e4ce14f802cf14 (diff) | |
| download | prosody-26b898bc5222f1f42bfcc2658ccf76341e81da6e.tar.gz prosody-26b898bc5222f1f42bfcc2658ccf76341e81da6e.zip | |
core.certmanager: Relax certificate filename check #1713
After a survey of ACME clients it seems *.crt and *fullchain* should
work for the majority. The rest get to manually copy their files.
Diffstat (limited to 'core')
| -rw-r--r-- | core/certmanager.lua | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index a3b37bb4..684b240c 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -102,12 +102,7 @@ local function find_cert(user_certs, name) end local function find_matching_key(cert_path) - -- FIXME we shouldn't need to guess the key filename - if cert_path:sub(-4) == ".crt" then - return cert_path:sub(1, -4) .. "key"; - elseif cert_path:sub(-14) == "/fullchain.pem" then - return cert_path:sub(1, -14) .. "privkey.pem"; - end + return (cert_path:gsub("%.crt$", ".key"):gsub("fullchain", "privkey")); end local function index_certs(dir, files_by_name, depth_limit) @@ -130,8 +125,7 @@ local function index_certs(dir, files_by_name, depth_limit) if file:sub(1,1) ~= "." then index_certs(full, files_by_name, depth_limit-1); end - -- TODO support more filename patterns? - elseif full:match("%.crt$") or full:match("/fullchain%.pem$") then + elseif file:find("%.crt$") or file:find("fullchain") then -- This should catch most fullchain files local f = io_open(full); if f then -- TODO look for chained certificates |