Arne Babenhauserheide <[email protected]> writes: > Ian Clarke <[email protected]> writes: > >> Thank you for your work on this Arne. >> Regarding the certs, I don't have a strong opinion but doesn't Amazon also do >> this? Since we're migrating to Amazon already and AWS has fairly powerful >> multi-user admin capabilities, wouldn't it be better to use them? >> Ian. > > We’re migrating to the Amazon CA. > > However the steps I wrote were much too complex. If I saw it correctly, > what we really require is just *adding* the new certificates to Freenet, > then we can switch to the new host and keep the links, and everything > should keep working. > > I’m not doing the non-necessary changes before April 8th.
What we really need to do: Add the Amacon CA pins to fred and ensure that startssl.pem is updated (via fred/src/freenet/node/Node.java: private void fixCertsFiles() ). Sha1Test uses $CAFILE which is startssl.pem, so it will be fixed automatically. We’ll need to make sure that it is compatible to the Amacon certs. See https://github.com/freenet/fred/pull/612 Sha1Test is in java_installer/src/Sha1Test.java Best wishes, Arne -- Unpolitisch sein heißt politisch sein ohne es zu merken
signature.asc
Description: PGP signature
