Thanks for your submission. I understand your motivation, but i am unsure if we should force to keep the same certificate without having an configuration option to force the certificate re-generation.
My suggestions for your changes:
- Implement a configuration directive ( ssl_cert_regenerate ) to allow users to force the self-signed certificate generation. Which would be the first check to do.
- On the function is_selfsigned_cert_stale() Please check first if the private key has changed (available on config.get('ssl_keylocation') that will allow us to determine quicker is the certificate is stale.
Hello David,
Thanks for your submission. I understand your motivation, but i am unsure if we should force to keep the same certificate without having an configuration option to force the certificate re-generation.
My suggestions for your changes:
- Implement a configuration directive ( ssl_cert_regenerate ) to allow users to force the self-signed certificate generation. Which would be the first check to do.
- On the function is_selfsigned_ cert_stale( ) Please check first if the private key has changed (available on config. get('ssl_ keylocation' ) that will allow us to determine quicker is the certificate is stale.
Please Let me know your observations.