Skip to content
GitLab
Closed
Issue created by ge0rg@ge0rgContributor

Replace cert hash with SPKI

With LetsEncrypt and ACME, certificates are limited to 90 days. There is some probability that the private key used will have a longer life-time in XMPP-land. Therefore, please anchor the server identity on the SPKI and not on the cert hash.

  • Changesets:
    • Revision ef84a109 by mathieui on 2017-10-09T22:52:44Z:
Fix #3190 (TOFU the SPKI hash and not the whole cert)

Makes letsencrypt renewals more pleasant.
Thanks jonasw and aioxmpp for the ASN.1 wizardry