prefer letsencrypt-style certs

2015-07-14 21:36:20 +00:00 · 2015-07-14 21:36:20 +00:00 · 5ba70878de
parent 945ec23965
commit 5ba70878de
1 changed files with 21 additions and 6 deletions
--- a/lib/vhost-sni-server.js
+++ b/lib/vhost-sni-server.js
@ -400,14 +400,28 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
    var secOpts;

    try {
-      var nodes = fs.readdirSync(path.join(certsPath, 'server'));
-      var keyNode = nodes.filter(function (node) { return /\.key\.pem$/.test(node); })[0];
-      var crtNode = nodes.filter(function (node) { return /\.crt\.pem$/.test(node); })[0];
+      var nodes = fs.readdirSync(certsPath);
+      var keyNode = nodes.filter(function (node) { return 'privkey.pem' === node; })[0];
+      var crtNode = nodes.filter(function (node) { return 'fullchain.pem' === node; })[0];
+
+      if (keyNode && crtNode) {
+        keyNode = path.join(certsPath, keyNode);
+        crtNode = path.join(certsPath, crtNode);
+      } else {
+        nodes = fs.readdirSync(path.join(certsPath, 'server'));
+        keyNode = nodes.filter(function (node) { return /^privkey(\.key)?\.pem$/.test(node) || /\.key\.pem$/.test(node); })[0];
+        crtNode = nodes.filter(function (node) { return /^fullchain(\.crt)?\.pem$/.test(node) || /\.crt\.pem$/.test(node); })[0];
+        keyNode = path.join(certsPath, 'server', keyNode);
+        crtNode = path.join(certsPath, 'server', crtNode);
+      }
+
      secOpts = {
-        key:  fs.readFileSync(path.join(certsPath, 'server', keyNode))
-      , cert: fs.readFileSync(path.join(certsPath, 'server', crtNode))
+        key:  fs.readFileSync(keyNode)
+      , cert: fs.readFileSync(crtNode)
      };

+      // I misunderstood what the ca option was for
+      /*
      if (fs.existsSync(path.join(certsPath, 'ca'))) {
        secOpts.ca = fs.readdirSync(path.join(certsPath, 'ca')).filter(function (node) {
          console.log('[log ca]', node);
@ -416,6 +430,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
          return fs.readFileSync(path.join(certsPath, 'ca', node));
        });
      }
+      */
    } catch(err) {
      // TODO Let's Encrypt / ACME HTTPS
      console.error("[ERROR] Couldn't READ HTTPS certs from '" + certsPath + "':");
@ -446,7 +461,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
                    // fallback / default dummy certs
      key:          localDummyCerts.key
    , cert:         localDummyCerts.cert
-    , ca:           localDummyCerts.ca
+    //, ca:           localDummyCerts.ca
    // io.js defaults have disallowed insecure algorithms as of 2015-06-29
    // https://iojs.org/api/tls.html
    // previous version could use something like this