Hi Hackers, The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the descriptions in server_ca.config states, "This certificate is used to sign server certificates. It is self-signed." However, the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed certificate. Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an Intermediate CA." Attached is a patch attempting to fix the description issue. Best regards, David
> On 27 Feb 2024, at 20:38, David Zhang <david.zhang@highgo.ca> wrote: > > Hi Hackers, > > The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the descriptionsin server_ca.config states, "This certificate is used to sign server certificates. It is self-signed." However,the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed certificate. IIRC the intent was to say it isn't signed by an official CA, but I agree it's misleading. > Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an IntermediateCA." Agreed. We should perhaps add the "This certificate is self-signed" sentence to root_ca.conf as well while at it, it's currently only mentioned in sslfiles.mk and adding it to the config would make the documentation more consistent. > Attached is a patch attempting to fix the description issue. Thanks, I'll have another look and will apply. -- Daniel Gustafsson
Сайт использует файлы cookie для корректной работы и повышения удобства. Нажимая кнопку «Принять» или продолжая пользоваться сайтом, вы соглашаетесь на их использование в соответствии с Политикой в отношении обработки cookie ООО «ППГ», в том числе на передачу данных из файлов cookie сторонним статистическим и рекламным службам. Вы можете управлять настройками cookie через параметры вашего браузера