Replace cert hash with SPKI
With LetsEncrypt and ACME, certificates are limited to 90 days. There is some probability that the private key used will have a longer life-time in XMPP-land. Therefore, please anchor the server identity on the SPKI and not on the cert hash.
- Revision ef84a109 by mathieui on 2017-10-09T22:52:44Z:
Fix #3190 (TOFU the SPKI hash and not the whole cert) Makes letsencrypt renewals more pleasant. Thanks jonasw and aioxmpp for the ASN.1 wizardry
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information