Merge branch 'dev' into ui

2026-05-24 09:28:37 +00:00 · 2023-12-20 16:15:23 +01:00 · 2023-12-20 16:15:23 +01:00 · 63a90005c6
commit 63a90005c6
parent 20c2f4ffd2 5c10eaeb71
17 changed files with 92 additions and 120 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -35,12 +35,12 @@ jobs:
          python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
          echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
+        uses: github/codeql-action/init@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql.yml
          setup-python-dependencies: false
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
+        uses: github/codeql-action/analyze@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@ -84,7 +84,7 @@ jobs:
      # Compute metadata
      - name: Extract metadata
        id: meta
-        uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+        uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
        with:
          images: bunkerity/${{ inputs.IMAGE }}
      # Build cached image
@ -115,7 +115,7 @@ jobs:
      # Check OS vulnerabilities
      - name: Check OS vulnerabilities
        if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
-        uses: aquasecurity/trivy-action@69cbbc0cbbf6a2b0bab8dcf0e9f2d7ead08e87e4 # master
+        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # master
        with:
          vuln-type: os
          skip-dirs: /root/.cargo
--- a/.github/workflows/doc-to-pdf.yml
+++ b/.github/workflows/doc-to-pdf.yml
@ -32,7 +32,7 @@ jobs:
        run: mkdocs serve & sleep 10
      - name: Run pdf script
        run: node docs/misc/pdf.js http://localhost:8000/print_page/ BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf 'BunkerWeb documentation v${{ inputs.VERSION }}'
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
        with:
          name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
          path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
--- a/.github/workflows/linux-build.yml
+++ b/.github/workflows/linux-build.yml
@ -127,7 +127,7 @@ jobs:
          scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }}
        env:
          LARCH: ${{ env.LARCH }}
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
        with:
          name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
          path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
@ -135,7 +135,7 @@ jobs:
      - name: Extract metadata
        if: inputs.TEST == true
        id: meta
-        uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+        uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
        with:
          images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
      - name: Build test image
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@ -63,7 +63,7 @@ jobs:
      # Compute metadata
      - name: Extract metadata
        id: meta
-        uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0
+        uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e # v5.4.0
        with:
          images: bunkerity/${{ inputs.IMAGE }}
      # Build and push
--- a/.github/workflows/push-github.yml
+++ b/.github/workflows/push-github.yml
@ -19,7 +19,7 @@ jobs:
      # Get PDF doc
      - name: Get documentation
        if: inputs.VERSION != 'testing'
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
        with:
          name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
      # Create tag
--- a/.github/workflows/push-packagecloud.yml
+++ b/.github/workflows/push-packagecloud.yml
@ -48,12 +48,12 @@ jobs:
      - name: Install packagecloud
        run: gem install package_cloud
      # Download packages
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
        if: inputs.LINUX != 'el'
        with:
          name: package-${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
          path: /tmp/${{ inputs.LINUX }}
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
        if: inputs.LINUX == 'el'
        with:
          name: package-rhel-${{ inputs.PACKAGE_ARCH }}
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@ -25,6 +25,6 @@ jobs:
          results_format: sarif
          publish_results: true
      - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10
+        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
        with:
          sarif_file: results.sarif
--- a/.github/workflows/staging-create-infra.yml
+++ b/.github/workflows/staging-create-infra.yml
@ -55,7 +55,7 @@ jobs:
        if: always()
        env:
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
        if: always()
        with:
          name: tf-${{ inputs.TYPE }}
--- a/.github/workflows/staging-delete-infra.yml
+++ b/.github/workflows/staging-delete-infra.yml
@ -23,7 +23,7 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Install terraform
        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
        with:
          name: tf-${{ inputs.TYPE }}
          path: /tmp
--- a/.github/workflows/staging-tests.yml
+++ b/.github/workflows/staging-tests.yml
@ -43,7 +43,7 @@ jobs:
        if: inputs.TYPE == 'swarm'
      - name: Install test dependencies
        run: pip3 install --no-cache-dir --require-hashes --no-deps -r tests/requirements.txt
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0
        with:
          name: tf-k8s
          path: /tmp
--- a/src/bw/lua/bunkerweb/plugin.lua
+++ b/src/bw/lua/bunkerweb/plugin.lua
@ -13,7 +13,6 @@ function plugin:initialize(id, ctx)
 	local current_phase = ngx.get_phase()
 	for _, check_phase in ipairs {
 		"set",
-		"ssl_certificate",
 		"access",
 		"content",
 		"header_filter",
--- a/src/common/confs/server-http/ssl-certificate-lua.conf
+++ b/src/common/confs/server-http/ssl-certificate-lua.conf
@ -8,29 +8,11 @@ ssl_certificate_by_lua_block {
 	local cjson         = require "cjson"
 	local ssl			= require "ngx.ssl"

-	-- Don't process internal requests
-	local logger        = clogger:new("SSL-CERTIFICATE")
-	if ngx.req.is_internal() then
-		logger:log(ngx.INFO, "skipped ssl_certificate phase because request is internal")
-		return true
-	end
-
-	-- Start access phase
+	-- Start ssl_certificate phase
+	local logger    = clogger:new("SSL-CERTIFICATE")
 	local datastore = cdatastore:new()
 	logger:log(ngx.INFO, "ssl_certificate phase started")

-	-- Fill ctx
-	logger:log(ngx.INFO, "filling ngx.ctx ...")
-	local ok, ret, errors, ctx = helpers.fill_ctx()
-	if not ok then
-		logger:log(ngx.ERR, "fill_ctx() failed : " .. ret)
-	elseif errors then
-		for i, error in ipairs(errors) do
-			logger:log(ngx.ERR, "fill_ctx() error " .. tostring(i) .. " : " .. error)
-		end
-	end
-	logger:log(ngx.INFO, "ngx.ctx filled (ret = " .. ret .. ")")
-
 	-- Get plugins order
 	local order, err = datastore:get("plugins_order", true)
 	if not order then
@ -48,10 +30,10 @@ ssl_certificate_by_lua_block {
 		elseif plugin_lua == nil then
 			logger:log(ngx.INFO, err)
 		else
-			-- Check if plugin has access method
+			-- Check if plugin has ssl_certificate method
 			if plugin_lua.ssl_certificate ~= nil then
 				-- New call
-				local ok, plugin_obj = helpers.new_plugin(plugin_lua, ctx)
+				local ok, plugin_obj = helpers.new_plugin(plugin_lua)
 				if not ok then
 					logger:log(ngx.ERR, plugin_obj)
 				else
@ -85,9 +67,6 @@ ssl_certificate_by_lua_block {
 	end
 	logger:log(ngx.INFO, "called ssl_certificate() methods of plugins")

-	-- Save ctx
-	ngx.ctx = ctx
-
 	logger:log(ngx.INFO, "ssl_certificate phase ended")

 	return true
--- a/src/common/core/customcert/customcert.lua
+++ b/src/common/core/customcert/customcert.lua
@ -11,9 +11,9 @@ function customcert:initialize(ctx)
 end

 function customcert:init()
-	local ok, err = true, "success"
+	local ret_ok, ret_err = true, "success"
    if utils.has_variable("USE_CUSTOM_SSL", "yes") then
-		local multisite, err = utils.get_variable("MULTISITE")
+		local multisite, err = utils.get_variable("MULTISITE", false)
 		if not multisite then
 			return self:ret(false, "can't get MULTISITE variable : " .. err)
 		end
@ -26,14 +26,14 @@ function customcert:init()
 				local check, data = self:read_files()
 				if not check then
 					self.logger:log(ngx.ERR, "error while reading files : " .. err)
-					ok = false
-					err = "error reading files"
+					ret_ok = false
+					ret_err = "error reading files"
 				else
 					local check, err = self:load_data(data)
 					if not check then
 						self.logger:log(ngx.ERR, "error while loading data : " .. err)
-						ok = false
-						err = "error loading data"
+						ret_ok = false
+						ret_err = "error loading data"
 					end
 				end
 			end
@ -41,15 +41,15 @@ function customcert:init()
 				if multisite_vars["USE_CUSTOM_SSL"] == "yes" then
 					local check, data = self:read_files(server_name)
 					if not check then
-						self.logger:log(ngx.ERR, "error while reading files : " .. err)
-						ok = false
-						err = "error reading files"
+						self.logger:log(ngx.ERR, "error while reading files : " .. data)
+						ret_ok = false
+						ret_err = "error reading files"
 					else
 						local check, err = self:load_data(data, server_name)
 						if not check then
 							self.logger:log(ngx.ERR, "error while loading data : " .. err)
-							ok = false
-							err = "error loading data"
+							ret_ok = false
+							ret_err = "error loading data"
 						end
 					end
 				end
@ -57,33 +57,37 @@ function customcert:init()
 		else
 			local check, data = self:read_files()
 			if not check then
-				self.logger:log(ngx.ERR, "error while reading files : " .. err)
-				ok = false
-				err = "error reading files"
+				self.logger:log(ngx.ERR, "error while reading files : " .. data)
+				ret_ok = false
+				ret_err = "error reading files"
 			else
 				local check, err = self:load_data(data)
 				if not check then
 					self.logger:log(ngx.ERR, "error while loading data : " .. err)
-					ok = false
-					err = "error loading data"
+					ret_ok = false
+					ret_err = "error loading data"
 				end
 			end
 		end
 	else
-		err = "custom ssl is not used"
+		ret_err = "custom ssl is not used"
    end
-	return self:ret(ok, err)
+	return self:ret(ret_ok, ret_err)
 end

 function customcert:ssl_certificate()
+	local server_name, err = ssl.server_name()
+	if not server_name then
+		return self:ret(false, "can't get server_name : " .. err)
+	end
    if self.variables["USE_CUSTOM_SSL"] == "yes" then
 		local global_data, err = self.datastore:get("plugin_customcert_global", true)
 		if not global_data and err ~= "not found" then
 			return self:ret(false, "error while getting plugin_customcert_global from datastore : " .. err)
 		end
-		local site_data, err = self.datastore:get("plugin_customcert_" .. self.ctx.bw.server_name, true)
+		local site_data, err = self.datastore:get("plugin_customcert_" .. server_name, true)
 		if not site_data and err ~= "not found" then
-			return self:ret(false, "error while getting plugin_customcert_" .. self.ctx.bw.server_name .. " from datastore : " .. err)
+			return self:ret(false, "error while getting plugin_customcert_" .. server_name .. " from datastore : " .. err)
 		end
 		if not global_data and not site_data then
 			return self:ret(false, "both global and site cert are not present in datastore")
@ -117,7 +121,7 @@ function customcert:load_data(data, server_name)
 		return false, "error while parsing pem cert : " .. err
 	end
 	-- Load key
-	local priv_key, err = ssl.parse_priv_key(data[2])
+	local priv_key, err = ssl.parse_pem_priv_key(data[2])
 	if not priv_key then
 		return false, "error while parsing pem priv key : " .. err
 	end
--- a/src/common/core/customcert/jobs/custom-cert.py
+++ b/src/common/core/customcert/jobs/custom-cert.py
@ -104,14 +104,7 @@ try:
        key_data = b64decode(getenv("CUSTOM_SSL_KEY_DATA", ""))
        for file, data in [("cert.pem", cert_data), ("key.pem", key_data)]:
            if data != b"":
-                file_path = Path(
-                    sep,
-                    "var",
-                    "tmp",
-                    "bunkerweb",
-                    "customcert",
-                    file
-                )
+                file_path = Path(sep, "var", "tmp", "bunkerweb", "customcert", file)
                file_path.parent.mkdir(parents=True, exist_ok=True)
                file_path.write_bytes(data)
                if file == "cert.pem":
@ -119,9 +112,6 @@ try:
                else:
                    key_path = str(file_path)

-        if cert_data != b"":
-            with open()
-
        if cert_path and key_path:
            logger.info(f"Checking certificate {cert_path} ...")
            need_reload = check_cert(cert_path, key_path)
@ -151,15 +141,7 @@ try:
            key_data = b64decode(getenv(f"{first_server}_CUSTOM_SSL_KEY_DATA", ""))
            for file, data in [("cert.pem", cert_data), ("key.pem", key_data)]:
                if data != b"":
-                    file_path = Path(
-                        sep,
-                        "var",
-                        "tmp",
-                        "bunkerweb",
-                        "customcert",
-                        server_name,
-                        file
-                    )
+                    file_path = Path(sep, "var", "tmp", "bunkerweb", "customcert", server_name, file)
                    file_path.parent.mkdir(parents=True, exist_ok=True)
                    file_path.write_bytes(data)
                    if file == "cert.pem":
--- a/src/common/core/letsencrypt/letsencrypt.lua
+++ b/src/common/core/letsencrypt/letsencrypt.lua
@ -12,9 +12,9 @@ function letsencrypt:initialize(ctx)
 end

 function letsencrypt:init()
-	local ok, err = true, "success"
+	local ret_ok, ret_err = true, "success"
    if utils.has_variable("AUTO_LETS_ENCRYPT", "yes") then
-		local multisite, err = utils.get_variable("MULTISITE")
+		local multisite, err = utils.get_variable("MULTISITE", false)
 		if not multisite then
 			return self:ret(false, "can't get MULTISITE variable : " .. err)
 		end
@ -27,49 +27,53 @@ function letsencrypt:init()
 				if multisite_vars["AUTO_LETS_ENCRYPT"] == "yes" then
 					local check, data = self:read_files(server_name)
 					if not check then
-						self.logger:log(ngx.ERR, "error while reading files : " .. err)
-						ok = false
-						err = "error reading files"
+						self.logger:log(ngx.ERR, "error while reading files : " .. data)
+						ret_ok = false
+						ret_err = "error reading files"
 					else
 						local check, err = self:load_data(data, server_name)
 						if not check then
 							self.logger:log(ngx.ERR, "error while loading data : " .. err)
-							ok = false
-							err = "error loading data"
+							ret_ok = false
+							ret_err = "error loading data"
 						end
 					end
 				end
 			end
 		else
-			local server_name, err = utils.get_variable("SERVER_NAME")
+			local server_name, err = utils.get_variable("SERVER_NAME", false)
 			if not server_name then
 				return self:ret(false, "can't get SERVER_NAME variable : " .. err)
 			end
 			local check, data = self:read_files(server_name:gmatch("%S+")[1])
 			if not check then
-				self.logger:log(ngx.ERR, "error while reading files : " .. err)
-				ok = false
-				err = "error reading files"
+				self.logger:log(ngx.ERR, "error while reading files : " .. data)
+				ret_ok = false
+				ret_err = "error reading files"
 			else
 				local check, err = self:load_data(data)
 				if not check then
 					self.logger:log(ngx.ERR, "error while loading data : " .. err)
-					ok = false
-					err = "error loading data"
+					ret_ok = false
+					ret_err = "error loading data"
 				end
 			end
 		end
 	else
-		err = "let's encrypt is not used"
+		ret_err = "let's encrypt is not used"
    end
-	return self:ret(ok, err)
+	return self:ret(ret_ok, ret_err)
 end

 function letsencrypt:ssl_certificate()
+	local server_name, err = ssl.server_name()
+	if not server_name then
+		return self:ret(false, "can't get server_name : " .. err)
+	end
    if self.variables["AUTO_LETS_ENCRYPT"] == "yes" then
-		local data, err = self.datastore:get("plugin_letsencrypt_" .. self.ctx.bw.server_name, true)
+		local data, err = self.datastore:get("plugin_letsencrypt_" .. server_name, true)
 		if not data then
-			return self:ret(false, "error while getting plugin_letsencrypt_" .. self.ctx.bw.server_name .. " from datastore : " .. err)
+			return self:ret(false, "error while getting plugin_letsencrypt_" .. server_name .. " from datastore : " .. err)
 		end
        return self:ret(true, "certificate/key data found", data)
    end
@ -100,7 +104,7 @@ function letsencrypt:load_data(data, server_name)
 		return false, "error while parsing pem cert : " .. err
 	end
 	-- Load key
-	local priv_key, err = ssl.parse_priv_key(data[2])
+	local priv_key, err = ssl.pars_pem_priv_key(data[2])
 	if not priv_key then
 		return false, "error while parsing pem priv key : " .. err
 	end
--- a/src/common/core/selfsigned/selfsigned.lua
+++ b/src/common/core/selfsigned/selfsigned.lua
@ -11,9 +11,9 @@ function selfsigned:initialize(ctx)
 end

 function selfsigned:init()
-	local ok, err = true, "success"
+	local ret_ok, ret_err = true, "success"
    if utils.has_variable("GENERATE_SELF_SIGNED_SSL", "yes") then
-		local multisite, err = utils.get_variable("MULTISITE")
+		local multisite, err = utils.get_variable("MULTISITE", false)
 		if not multisite then
 			return self:ret(false, "can't get MULTISITE variable : " .. err)
 		end
@ -26,49 +26,53 @@ function selfsigned:init()
 				if multisite_vars["GENERATE_SELF_SIGNED_SSL"] == "yes" then
 					local check, data = self:read_files(server_name)
 					if not check then
-						self.logger:log(ngx.ERR, "error while reading files : " .. err)
-						ok = false
-						err = "error reading files"
+						self.logger:log(ngx.ERR, "error while reading files : " .. data)
+						ret_ok = false
+						ret_err = "error reading files"
 					else
 						local check, err = self:load_data(data, server_name)
 						if not check then
 							self.logger:log(ngx.ERR, "error while loading data : " .. err)
-							ok = false
-							err = "error loading data"
+							ret_ok = false
+							ret_err = "error loading data"
 						end
 					end
 				end
 			end
 		else
-			local server_name, err = utils.get_variable("SERVER_NAME")
+			local server_name, err = utils.get_variable("SERVER_NAME", false)
 			if not server_name then
 				return self:ret(false, "can't get SERVER_NAME variable : " .. err)
 			end
 			local check, data = self:read_files(server_name:gmatch("%S+")[1])
 			if not check then
-				self.logger:log(ngx.ERR, "error while reading files : " .. err)
-				ok = false
-				err = "error reading files"
+				self.logger:log(ngx.ERR, "error while reading files : " .. data)
+				ret_ok = false
+				ret_err = "error reading files"
 			else
 				local check, err = self:load_data(data)
 				if not check then
 					self.logger:log(ngx.ERR, "error while loading data : " .. err)
-					ok = false
-					err = "error loading data"
+					ret_ok = false
+					ret_err = "error loading data"
 				end
 			end
 		end
 	else
-		err = "self signed is not used"
+		ret_err = "self signed is not used"
    end
-	return self:ret(ok, err)
+	return self:ret(ret_ok, ret_err)
 end

 function selfsigned:ssl_certificate()
+	local server_name, err = ssl.server_name()
+	if not server_name then
+		return self:ret(false, "can't get server_name : " .. err)
+	end
    if self.variables["GENERATE_SELF_SIGNED_SSL"] == "yes" then
-		local data, err = self.datastore:get("plugin_selfsigned_" .. self.ctx.bw.server_name, true)
+		local data, err = self.datastore:get("plugin_selfsigned_" .. server_name, true)
 		if not data then
-			return self:ret(false, "error while getting plugin_selfsigned_" .. self.ctx.bw.server_name .. " from datastore : " .. err)
+			return self:ret(false, "error while getting plugin_selfsigned_" .. server_name .. " from datastore : " .. err)
 		end
        return self:ret(true, "certificate/key data found", data)
    end
@ -77,8 +81,8 @@ end

 function selfsigned:read_files(server_name)
 	local files = {
-		"/var/cache/bunkerweb/selfsigned/" .. server_name .. "/cert.pem",
-		"/var/cache/bunkerweb/selfsigned/" .. server_name .. "/key.pem"
+		"/var/cache/bunkerweb/selfsigned/" .. server_name .. ".pem",
+		"/var/cache/bunkerweb/selfsigned/" .. server_name .. ".key"
 	}
 	local data = {}
 	for i, file in ipairs(files) do
@ -99,7 +103,7 @@ function selfsigned:load_data(data, server_name)
 		return false, "error while parsing pem cert : " .. err
 	end
 	-- Load key
-	local priv_key, err = ssl.parse_priv_key(data[2])
+	local priv_key, err = ssl.parse_pem_priv_key(data[2])
 	if not priv_key then
 		return false, "error while parsing pem priv key : " .. err
 	end