authorKim Alvefur <zash@zash.se>2022-01-26 13:24:23 +0100
committerKim Alvefur <zash@zash.se>2022-01-26 13:24:23 +0100
commit04910e15b6a4a3283c61d6eaf8a90147c9570f7c (patch)
tree7a93ec9b0f93401a05aecd1f66fbd9e2f9d8c227 /util
parentb0e565598a7e6a8934e2440c3ec7692600f89ab8 (diff)
util.prosodyctl.cert: Look for certificates in a consistent order
Shortest first, then alphabetically, so that it prefers the base domain over subdomains. Fixes that it might otherwise pick a random sub-domain for filename on each run, cluttering the certs directory and potentially tricking Prosody into using an older certificate that might be about to expire.
Diffstat (limited to 'util')
-rw-r--r--util/prosodyctl/cert.lua9
1 files changed, 9 insertions, 0 deletions
diff --git a/util/prosodyctl/cert.lua b/util/prosodyctl/cert.lua
index 236fc99e..a60a9647 100644
--- a/util/prosodyctl/cert.lua
+++ b/util/prosodyctl/cert.lua
@@ -221,6 +221,15 @@ function cert_commands.import(arg)
cm.index_certs(dir, files_by_name);
end
local imported = {};
+ table.sort(hostnames, function (a, b)
+ -- Try to find base domain name before sub-domains, then alphabetically, so
+ -- that the order and choice of file name is deterministic.
+ if #a == #b then
+ return a < b;
+ else
+ return #a < #b;
+ end
+ end);
for _, host in ipairs(hostnames) do
local paths = cm.find_cert_in_index(files_by_name, host);
if paths and imported[paths.certificate] then
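Review bot: The tie-break `return a < b;` in the new comparator compares strings with the process locale's collation (Lua uses `strcoll` for string `<`), so the order is only as deterministic as the locale prosodyctl runs under. `#a` also counts bytes, and the comparison is case-sensitive. If `hostnames` is not already normalised where it is built (outside this hunk), two spellings of the same host can sort differently. I would record that assumption in the existing comment, for example `-- Assumes hostnames are normalised (lowercase, one encoding) and the locale is fixed; '<' on strings is locale-dependent.` Separately, `table.sort` reorders `hostnames` in place; the table is created outside the hunk, so it is worth confirming it is local to `cert_commands.import` and not a list shared with the caller or the loaded config.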