[Pkg-voip-commits] [resiprocate] 12/14: Update TLS notes in repro.README.Debian

Daniel Pocock pocock at moszumanska.debian.org
Sun Jan 12 10:44:38 UTC 2014


This is an automated email from the git hooks/post-receive script.

pocock pushed a commit to branch master
in repository resiprocate.

commit 0519d84dc5753e428c0d38e8c8561f742f29e332
Author: Daniel Pocock <daniel at pocock.com.au>
Date:   Sun Jan 12 09:38:36 2014 +0100

    Update TLS notes in repro.README.Debian
---
 debian/repro.README.Debian | 44 ++++++++++++--------------------------------
 1 file changed, 12 insertions(+), 32 deletions(-)

diff --git a/debian/repro.README.Debian b/debian/repro.README.Debian
index 70be8a8..c94abc5 100644
--- a/debian/repro.README.Debian
+++ b/debian/repro.README.Debian
@@ -48,42 +48,22 @@ SSL/TLS on Debian
 
 The normal place for certs on Debian is in /etc/ssl
 
-repro has particular expectations about certificate filenames
-and permissions.
+Before repro v1.9.0~beta9, repro had particular expectations about
+certificate filenames and permissions.
 
+In particular, they needed to have names matching a particular
+template.
 
-  Stategy A:
-  ----------
+Now, however, it is possible to specify any arbitrary certificate
+and key filenames on a per-transport basis, e.g.
 
-    If the certs you need are shared, or if your local policy
-    is to keep all certs and keys under /etc/ssl, then you need
-    to do two things:
+Transport1TlsCertificate = /etc/ssl/ssl.crt/sip-server.example.org.crt
+Transport1TlsPrivateKey = /etc/ssl/ssl.key/sip-server.example.org.key
 
-      - add the repro user to the group ssl-cert
-
-          addgroup repro ssl-cert
-
-      - create symlinks in /etc/repro/ssl pointing to the real
-        certs and keys in /etc/ssl, e.g:
-
-        ln -s /etc/ssl/ssl.crt/sip-server.example.org.crt \
-           /etc/repro/ssl/domain_cert_sip-server.example.org.pem
-
-        ln -s /etc/ssl/ssl.key/sip-server.example.org.key \
-           /etc/repro/ssl/domain_key_sip-server.example.org.pem
-
-        Note that filenames must be in that exact format, with
-        the domain_ prefix and the .pem suffix
-
-  Strategy B:
-  -----------
-
-    If the certs you need are ONLY for repro, then create
-    the certs and keys in /etc/repro/ssl using the naming
-    convention expected by repro (see examples above)
-
-    They can be owned by root and readable for the `repro'
-    user.
+The TlsCertificate file should also contain any intermediate certificates.
+The server certificate should be first and the intermiediate certificates
+should be listed in order, starting with the one that signed your
+certificate and finishing with the one below the root.
 
   Intermediate certificates
   -------------------------
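Review bot: The new text no longer says how the repro user gets read access to the private key, although the example still points Transport1TlsPrivateKey at /etc/ssl/ssl.key/sip-server.example.org.key. The removed Strategy A covered this with "addgroup repro ssl-cert", and the new wording only says filename and permission expectations existed before v1.9.0~beta9, without stating what is required now. Suggest adding one sentence saying the key file must be readable by the repro user, and keeping the ssl-cert group step if it still applies to keys under /etc/ssl. In the added paragraph, "intermiediate" should be "intermediate". The "Intermediate certificates" heading is still present directly below as context, so check that the new paragraph on chain order does not repeat that section, and move it under that heading if it does.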

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/resiprocate.git


