[pve-devel] [PATCH pve-cluster v2 0/3] fix #6701: Update PVE cert generation

Arthur Bied-Charreton Mon, 26 Jan 2026 02:12:17 -0800

The main fix (1/3) adds the keyUsage extension to PVE's root CA, which
is required by RFC 5280.


{2,3}/3 address review feedback [1] by eliminating temporary config
files and moving temp file creation from /tmp to /run to prevent symlink
races.

More details in the commit messages.

[1]
https://lore.proxmox.com/pve-devel/[email protected]/T/#t

Arthur Bied-Charreton (3):
  fix #6701: Add keyUsage extension to root CA
  Convert SSL cert generation config to CLI arguments
  Create temporary CSR file in /run instead of /tmp

 src/PVE/Cluster/Setup.pm | 45 +++++++++++-----------------------------
 1 file changed, 12 insertions(+), 33 deletions(-)

-- 
2.47.3


_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH pve-cluster v2 0/3] fix #6701: Update PVE cert generation

Reply via email to