Cuberite ForumCuberiteDevelopment
Yggdrasil Auth

Threaded Mode
Yggdrasil Auth
xoft Offline
Cuberite Developer
******
Posts: 6,485
Threads: 176
Joined: Jan 2012
Thanks: 131
Given 1074 thank(s) in 852 post(s)
#11
04-14-2014, 10:00 PM
Saving the root CA is a nice idea, and it should work, until either the root CA and or any of the intermediate CAs go out of validity, which is in 2030+. Elegant solution.
I don't think the server has more certificates, because each cert is paid and why get more if you can reuse the same cert as long as the domain name matches?
Find
Reply
Thanks given by:
bearbin Offline
Cuberite Developer
******
Posts: 1,469
Threads: 57
Joined: Jul 2012
Thanks: 66
Given 127 thank(s) in 108 post(s)
#12
04-14-2014, 10:16 PM
Also, what if they change CA?
Find
Reply
Thanks given by:
worktycho Offline
Cuberite Developer
******
Posts: 783
Threads: 12
Joined: Jan 2014
Thanks: 2
Given 73 thank(s) in 61 post(s)
#13
04-14-2014, 10:20 PM
Stick another root cert in. Servers can't have multiple certs but in this situation we're the client so we can have as many certs as we can fit on the drive.

@xoft Saving the root CA is elegant, that's why everyone does that.
Find
Reply
Thanks given by:
xoft Offline
Cuberite Developer
******
Posts: 6,485
Threads: 176
Joined: Jan 2012
Thanks: 131
Given 1074 thank(s) in 852 post(s)
#14
04-14-2014, 11:27 PM
Yeah, everyone does that and look where it got them - now they can't easily revoke certs after heartbleedTongue
I don't like the idea of keeping multiple CA certs and having to take care of them. I'm willing to do this if the cert doesn't change; the first time it changes, the code goes out and we use fingerprints.
Find
Reply
Thanks given by:




Users browsing this thread: 1 Guest(s)