Le samedi, 26 août 2017, 15.47:20 h CEST Didier Raboud a écrit : > > * Generate SHA-2 signed certificates by default. This will lessenthe > > additional browser warnings. > > The CUPS server certificates are setup to be ssl-cert's (see symlinking code > in cups-daemon.postinst, so that's a good suggestion for that to be fixed > centrally in ssl-cert. Oh. As I was explaining bug #865598, I actually noticed that that symlinking code was just useless now (it symlinks to `…/server.crt` where CUPS uses `…/$(gethostname()).crt`). So the certificate creation indeed happens in CUPS (cups/tls-gnutls.c, line 184): > gnutls_x509_crt_sign(crt, crt, key); But I stand to my initial position: I'm not going to maintain a non-upstream patch queue of crypto code. Cheers, OdyX
Attachment:
signature.asc
Description: This is a digitally signed message part.