> On 27 Feb 2024, at 20:38, David Zhang <david.zh...@highgo.ca> wrote: > > Hi Hackers, > > The current descriptions for server_ca.config and client_ca.config are not so > accurate. For example, one of the descriptions in server_ca.config states, > "This certificate is used to sign server certificates. It is self-signed." > However, the server_ca.crt and client_ca.crt are actually signed by the > root_ca.crt, which is the only self-signed certificate.
IIRC the intent was to say it isn't signed by an official CA, but I agree it's misleading. > Therefore, it would be more accurate to change it to "This certificate is > used to sign server certificates. It is an Intermediate CA." Agreed. We should perhaps add the "This certificate is self-signed" sentence to root_ca.conf as well while at it, it's currently only mentioned in sslfiles.mk and adding it to the config would make the documentation more consistent. > Attached is a patch attempting to fix the description issue. Thanks, I'll have another look and will apply. -- Daniel Gustafsson
