Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
core.certmanager: Ensure key exists for fullchain
authorKim Alvefur <zash@zash.se>
Mon, 21 Feb 2022 08:54:39 +0100
changeset 12309 f8b8061461e3
parent 12308 8210c2a52e9c
child 12310 81fc7fc77e68
core.certmanager: Ensure key exists for fullchain Since 5cd075ed4fd3 any file matching "fullchain" would be considered for use. Dehydrated stores fullchain certs in e.g, fullchain-1641171024.pem and a symlink fullchain.pem pointing at the latest one. However the current rule for finding a corresponding private key would try privkey-1641171024.pem in the same directory, which may not exist.
core/certmanager.lua file | annotate | diff | comparison | revisions 
--- a/core/certmanager.lua	Sun Feb 20 00:24:18 2022 +0100
+++ b/core/certmanager.lua	Mon Feb 21 08:54:39 2022 +0100
@@ -130,7 +130,7 @@
 			if f then
 				-- TODO look for chained certificates
 				local firstline = f:read();
-				if firstline == "-----BEGIN CERTIFICATE-----" then
+				if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
 					f:seek("set")
 					local cert = ssl.loadcertificate(f:read("*a"))
 					-- TODO if more than one cert is found for a name, the most recently
prosody