Le samedi, 26 août 2017, 15.47:20 h CEST Didier Raboud a écrit :
> > * Generate SHA-2 signed certificates by default. This will lessenthe
> > additional browser warnings.
>
> The CUPS server certificates are setup to be ssl-cert's (see symlinking code
> in cups-daemon.postinst, so that's a good suggestion for that to be fixed
> centrally in ssl-cert.
Oh. As I was explaining bug #865598, I actually noticed that that symlinking
code was just useless now (it symlinks to `…/server.crt` where CUPS uses
`…/$(gethostname()).crt`).
So the certificate creation indeed happens in CUPS (cups/tls-gnutls.c, line
184):
> gnutls_x509_crt_sign(crt, crt, key);
But I stand to my initial position: I'm not going to maintain a non-upstream
patch queue of crypto code.
Cheers,
OdyXAttachment:
signature.asc
Description: This is a digitally signed message part.