-- Switch away from root and into the prosody user --
local switched_user, current_uid;
-local want_pposix_version = "0.3.5";
+local want_pposix_version = "0.3.6";
local ok, pposix = pcall(require, "util.pposix");
if ok and pposix then
function cert_commands.config(arg)
if #arg >= 1 and arg[1] ~= "--help" then
- local conf_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".cnf";
+ local conf_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".cnf";
if ask_overwrite(conf_filename) then
return nil, conf_filename;
end
local conf = openssl.config.new();
conf:from_prosody(hosts, config, arg);
- for k, v in pairs(conf.distinguished_name) do
- local nv;
- if k == "commonName" then
- v = arg[1]
- elseif k == "emailAddress" then
- v = "xmpp@" .. arg[1];
- end
- nv = show_prompt(("%s (%s):"):format(k, nv or v));
- nv = (not nv or nv == "") and v or nv;
- if nv:find"[\192-\252][\128-\191]+" then
- conf.req.string_mask = "utf8only"
+ show_message("Please provide details to include in the certificate config file.");
+ show_message("Leave the field empty to use the default value or '.' to exclude the field.")
+ for i, k in ipairs(openssl._DN_order) do
+ local v = conf.distinguished_name[k];
+ if v then
+ local nv;
+ if k == "commonName" then
+ v = arg[1]
+ elseif k == "emailAddress" then
+ v = "xmpp@" .. arg[1];
+ elseif k == "countryName" then
+ local tld = arg[1]:match"%.([a-z]+)$";
+ if tld and #tld == 2 and tld ~= "uk" then
+ v = tld:upper();
+ end
+ end
+ nv = show_prompt(("%s (%s):"):format(k, nv or v));
+ nv = (not nv or nv == "") and v or nv;
+ if nv:find"[\192-\252][\128-\191]+" then
+ conf.req.string_mask = "utf8only"
+ end
+ conf.distinguished_name[k] = nv ~= "." and nv or nil;
end
- conf.distinguished_name[k] = nv ~= "." and nv or nil;
end
- local conf_file = io.open(conf_filename, "w");
+ local conf_file, err = io.open(conf_filename, "w");
+ if not conf_file then
+ show_warning("Could not open OpenSSL config file for writing");
+ show_warning(err);
+ os.exit(1);
+ end
conf_file:write(conf:serialize());
conf_file:close();
print("");
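Review bot: The new `os.exit(1)` taken when `io.open(conf_filename, "w")` fails terminates the whole process from inside a command handler, whereas the function's other failure path (`ask_overwrite`) returns to the caller with `return nil, conf_filename`; if `request`/`generate` chain through `config` as the shared `nil, filename` return convention suggests, an early `return nil` would let them report the problem and return their own status instead of aborting mid-chain. The write itself is also unchecked: `conf_file:write(conf:serialize())` returns `nil, err` on failure (disk full, read-only filesystem), so a truncated `.cnf` would be silently handed on to openssl. Whether `conf:serialize()` escapes prompt answers containing newlines or `[` is not visible here; since the DN values are written into an OpenSSL config file, it is worth confirming that an answer such as `foo` followed by a newline and `[req]` cannot inject directives. cert_commands.config's body continues past the end of the hunk.
```lua
local conf_file, err = io.open(conf_filename, "w");
if not conf_file then
	show_warning("Could not open OpenSSL config file for writing");
	show_warning(err);
	return nil;
end
local written, write_err = conf_file:write(conf:serialize());
conf_file:close();
if not written then
	show_warning("Could not write OpenSSL config file: " .. tostring(write_err));
	return nil;
end
-- … unchanged: print("") …
```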
function cert_commands.key(arg)
if #arg >= 1 and arg[1] ~= "--help" then
- local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key";
+ local key_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".key";
if ask_overwrite(key_filename) then
return nil, key_filename;
end
function cert_commands.request(arg)
if #arg >= 1 and arg[1] ~= "--help" then
- local req_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".req";
+ local req_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".req";
if ask_overwrite(req_filename) then
return nil, req_filename;
end
function cert_commands.generate(arg)
if #arg >= 1 and arg[1] ~= "--help" then
- local cert_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".crt";
+ local cert_filename = (CFG_DATADIR or "./certs") .. "/" .. arg[1] .. ".crt";
if ask_overwrite(cert_filename) then
return nil, cert_filename;
end