On Sat, Mar 14, 2009 at 07:15:50PM +0000, Andrew M. Bishop wrote: > > So, every time "the root CA certificate has expired; replacing it" > > wwwoffle causes a major outage not only for itself, but the whole > > system: on can only reboot. > Expiring security certificates is good practice and as I said in > yesterday's message GnuTLS originally had no option but to generate > certificates using high quality randomness.
could the certificate be generated after wwwoffle is done starting up? it is quite annoying (and can cause trouble for uptime critical machines) if the whole bootup sequence is blocked because it has to wait for wwwoffle. i'd rather have only wwwoffle semi-functional instead of having the whole machine nonfunctional while the certificate is regenerated. on a server where wwwoffle runs without restart for months the regeneration of an expired certificate should not wait until restart either. greetings, martin. -- cooperative communication with sTeam - caudium, pike, roxen and unix offering: programming, training and administration - anywhere in the world -- pike programmer working in china community.gotpike.org unix system- iaeste.(tuwien.ac|or).at open-steam.org administrator caudium.org is.schon.org Martin Bähr http://www.iaeste.or.at/~mbaehr/
