diff options
author | Kim Alvefur <zash@zash.se> | 2022-01-26 13:24:23 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2022-01-26 13:24:23 +0100 |
commit | 04910e15b6a4a3283c61d6eaf8a90147c9570f7c (patch) | |
tree | 7a93ec9b0f93401a05aecd1f66fbd9e2f9d8c227 /util | |
parent | b0e565598a7e6a8934e2440c3ec7692600f89ab8 (diff) | |
download | prosody-04910e15b6a4a3283c61d6eaf8a90147c9570f7c.tar.gz prosody-04910e15b6a4a3283c61d6eaf8a90147c9570f7c.zip |
util.prosodyctl.cert: Look for certificates in a consistent order
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
Diffstat (limited to 'util')
-rw-r--r-- | util/prosodyctl/cert.lua | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/util/prosodyctl/cert.lua b/util/prosodyctl/cert.lua index 236fc99e..a60a9647 100644 --- a/util/prosodyctl/cert.lua +++ b/util/prosodyctl/cert.lua @@ -221,6 +221,15 @@ function cert_commands.import(arg) cm.index_certs(dir, files_by_name); end local imported = {}; + table.sort(hostnames, function (a, b) + -- Try to find base domain name before sub-domains, then alphabetically, so + -- that the order and choice of file name is deterministic. + if #a == #b then + return a < b; + else + return #a < #b; + end + end); for _, host in ipairs(hostnames) do local paths = cm.find_cert_in_index(files_by_name, host); if paths and imported[paths.certificate] then |