[pve-devel] [pve-manager] Do not use a hardcoded Certificate Authority for https repositories

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Jul 14 11:26:39 CEST 2016


On Wed, Jul 13, 2016 at 12:17:03PM +0200, Emmanuel Kasper wrote:
> Instead we will the use the CA certificate provided by the
> ca-certificates packages, which is now a mandatory depency of
> pve-manager since 8204daafaf4063dabd8a23c36dfb16719650d2fc and
> pve-manager 4.2-17. This change allows us in the future to
> use different CA for our https repositories.
> 
> This changed has been tested OK with the following combination:
>  * https repository using a StartCom certificate: works
>  * https repository using a Let's encrypt certificate: works
> 
> User visible changes:
>  * none : the new configuration file 75pveconf silently
>  overwrites the olderone, except if local changes were made
>  in which case you're presented with the traditional debian menu
>  (keep local/ use packager version/ diff / open a shell)

looks good to me, backport for stable-3 would also be necessary..

also s/depency/dependency/ ;)




More information about the pve-devel mailing list