GNU bug report logs -
#29467
[PATCH] web: Don't error about missing ssl related files.
Previous Next
Reported by: Christopher Baines <mail <at> cbaines.net>
Date: Mon, 27 Nov 2017 08:27:01 UTC
Severity: normal
Tags: patch
Done: Christopher Baines <mail <at> cbaines.net>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Hi,
julien lepiller <julien <at> lepiller.eu> skribis:
> Le 2017-12-05 12:14, ludo <at> gnu.org a écrit :
[...]
>> We cannot check for file existence at configuration time for the
>> reasons
>> above.
>>
>> We cannot check for file existence at build time because certificates
>> may be part of the machine’s state; they are typically managed in a
>> stateful fashion, outside of GuixSD.
>>
>> So the only option we’re left with is checking at run time, when we
>> start the service. But that’s something nginx already does, I think?
>>
>> As for the default, I would be in favor of setting it to #f, because I
>> can’t really think of a default that would work for everyone.
>>
>> WDYT?
>
> Having it default to #f is fine with me. Nginx does this check at
> runtime
> and will refuse to start if these files are missing. Keeping https-port
> to 443 and certificates to #f means it will not be able to establish a
> connection to the client, but the http website will be available. So
> just
> setting the key and the certificate to #f by default should be OK.
OK, sounds good.
Chris, can you make this change?
Thanks,
Ludo’.
This bug report was last modified 7 years and 241 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.