#5 acme_updater, acme_tlsa_mail: Insufficient comparison of certificate serial numbers

Lezárt
megnyitva ekkor: 7 éve Hoshpak által · 0 hozzászólás
Helmut Pozimski hozzászólt 7 éve

Both scripts currently compare the serial number of the currently installed and available certificate to determine if a certificate needs to be updated. Based on the assumption that the serial numbers are integers and always incremented, it determines that a certificate is newer if it's serial number is higher than the old one. This does not hold true for the certificates issued by Let's Encrypt. Since in this scenario, acmetool is the authoritative source for certificates anyway I think it's safe to assume that if the value of the serial differs from the currently installed one, it is newer and should be replaced.

Both scripts currently compare the serial number of the currently installed and available certificate to determine if a certificate needs to be updated. Based on the assumption that the serial numbers are integers and always incremented, it determines that a certificate is newer if it's serial number is higher than the old one. This does not hold true for the certificates issued by Let's Encrypt. Since in this scenario, acmetool is the authoritative source for certificates anyway I think it's safe to assume that if the value of the serial differs from the currently installed one, it is newer and should be replaced.
Hoshpak lezárta ekkor: 7 éve
Jelentkezzen be hogy csatlakozhasson a beszélgetéshez.
Nincs mérföldkő
Nincs megbízott
1 Résztvevő
Töltés...
Mégse
Mentés
Még nincs tartalom.