]> git.proxmox.com Git - proxmox-acme.git/commit
projects / proxmox-acme.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b5d46dc) | patch
support downloading alternate chains
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Fri, 8 Oct 2021 08:18:21 +0000 (10:18 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Fri, 8 Oct 2021 08:55:49 +0000 (10:55 +0200)
commit2307c38b59c6bc8f1e3dae4748a17d7943f4009f
treeedc0e374d20e3174d6284a299624d7aa929280f4tree
parentb5d46dc4a6a3d9c599907984e9a0961a5074890ccommit | diff
support downloading alternate chains

the current default chains end with an expired root certificate for
maximum compatibility with old Android versions. this breaks some other
older clients (openssl, gnutls) which don't expect chains to contain any
expired certificates, even if they are 'above' the trust anchor.

by setting $root, it is possible to specify which root the ACME provided
certificate chain should end with, downloading alternate chains as
necessary.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
src/PVE/ACME.pm diff | blob | blame | history
ACME library and helpers for perl based Proxmox projects