为CA证书启用自动重载 #3607
Merged
为CA证书启用自动重载 #3607
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add an option `certificates.buildChain` in TLSConfig to generate cert chains during issuing certificates.
fix not reloading when cert updated but key not
|
感谢 PR!问下 buildChain 加入 CA 证书有副作用吗?如果没有似乎可以当 bug 修了不用加选项? |
|
参考acme.sh的 xxxx.cer 和 fullchain.cer |
另外修复了原证书重载中,若私钥不变,证书改变无法重载的问题,忘了写,已编辑。 |
|
晚点应该会合并 |
|
I believe this is missing documentation |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
issue的CA证书启用自动重载,用法与encipherment一致,使用ocspStapling作为重载检查周期,且与oneTimeLoading冲突。buildChain,类型为bool,仅对issue用途的CA证书生效,用于将CA证书嵌入证书链。解决当签名CA为中间CA时,客户端仅信任根CA的情况下,证书链不完整的问题。