> On 27 Feb 2024, at 20:38, David Zhang <david.zhang@highgo.ca> wrote:
>
> Hi Hackers,
>
> The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the
descriptionsin server_ca.config states, "This certificate is used to sign server certificates. It is self-signed."
However,the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed
certificate.
IIRC the intent was to say it isn't signed by an official CA, but I agree it's
misleading.
> Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an
IntermediateCA."
Agreed. We should perhaps add the "This certificate is self-signed" sentence
to root_ca.conf as well while at it, it's currently only mentioned in
sslfiles.mk and adding it to the config would make the documentation more
consistent.
> Attached is a patch attempting to fix the description issue.
Thanks, I'll have another look and will apply.
--
Daniel Gustafsson