Le samedi, 26 août 2017, 15.47:20 h CEST Didier Raboud a écrit : > > * Generate SHA-2 signed certificates by default. This will lessenthe > > additional browser warnings. > > The CUPS server certificates are setup to be ssl-cert's (see symlinking code > in cups-daemon.postinst, so that's a good suggestion for that to be fixed > centrally in ssl-cert.
Oh. As I was explaining bug #865598, I actually noticed that that symlinking
code was just useless now (it symlinks to `…/server.crt` where CUPS uses
`…/$(gethostname()).crt`).
So the certificate creation indeed happens in CUPS (cups/tls-gnutls.c, line
184):
> gnutls_x509_crt_sign(crt, crt, key);
But I stand to my initial position: I'm not going to maintain a non-upstream
patch queue of crypto code.
Cheers,
OdyX
signature.asc
Description: This is a digitally signed message part.
