[pve-devel] [pve-manager] Do not use a hardcoded Certificate Authority for https repositories
Emmanuel Kasper
e.kasper at proxmox.com
Thu Aug 4 09:53:33 CEST 2016
On 07/14/2016 11:26 AM, Fabian Grünbichler wrote:
> On Wed, Jul 13, 2016 at 12:17:03PM +0200, Emmanuel Kasper wrote:
>> Instead we will the use the CA certificate provided by the
>> ca-certificates packages, which is now a mandatory depency of
>> pve-manager since 8204daafaf4063dabd8a23c36dfb16719650d2fc and
>> pve-manager 4.2-17. This change allows us in the future to
>> use different CA for our https repositories.
>>
>> This changed has been tested OK with the following combination:
>> * https repository using a StartCom certificate: works
>> * https repository using a Let's encrypt certificate: works
>>
>> User visible changes:
>> * none : the new configuration file 75pveconf silently
>> overwrites the olderone, except if local changes were made
>> in which case you're presented with the traditional debian menu
>> (keep local/ use packager version/ diff / open a shell)
>
> looks good to me, backport for stable-3 would also be necessary..
>
> also s/depency/dependency/ ;)
>
I also tested the following combination:
* https connection being rejected with a self signed cert: works
More information about the pve-devel
mailing list