aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-05-07 16:35:37 +0200
committerKim Alvefur <zash@zash.se>2021-05-07 16:35:37 +0200
commit2c902f163f0f31ac9ea7d803cf2a493cecbaf3fe (patch)
treec8eccd28b22c4d3a2a1b4556be348c9e73aa32b9 /core
parent4cd3fcfb0bd2b39e1e6c483e7e3446a3671ef48b (diff)
downloadprosody-2c902f163f0f31ac9ea7d803cf2a493cecbaf3fe.tar.gz
prosody-2c902f163f0f31ac9ea7d803cf2a493cecbaf3fe.zip
core.certmanager: Resolve certs path relative to config dir
Otherwise the default "certs" would be relative to $PWD, which works when testing from a source checkout, but not on installed systems where it usually points to the data directory. Also, the LuaFileSystem dir() iterator throws a hard error, which may cause a crash or other problems.
Diffstat (limited to 'core')
-rw-r--r--core/certmanager.lua6
1 files changed, 3 insertions, 3 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index e7f91fb9..a7432d35 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -158,7 +158,7 @@ local cert_index;
local function find_host_cert(host)
if not host then return nil; end
if not cert_index then
- cert_index = index_certs(global_certificates);
+ cert_index = index_certs(resolve_path(config_path, global_certificates));
end
local certs = cert_index[host];
if certs then
@@ -177,7 +177,7 @@ end
local function find_service_cert(service, port)
if not cert_index then
- cert_index = index_certs(global_certificates);
+ cert_index = index_certs(resolve_path(config_path, global_certificates));
end
for _, certs in pairs(cert_index) do
for cert_filename, services in pairs(certs) do
@@ -346,7 +346,7 @@ local function reload_ssl_config()
if luasec_has.options.no_compression then
core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
end
- cert_index = index_certs(global_certificates);
+ cert_index = index_certs(resolve_path(config_path, global_certificates));
end
prosody.events.add_handler("config-reloaded", reload_ssl_config);