e1e3d8a92b
- Remove openssl.cnf which includes many unused settings.
- Generate the key and cert files with a single call to openssl.
- Option `-nodes` ("no DES") disables encryption of the key file.
- Option `-addext` is used to specify `subjectAltName` settings
that were previously defined by openssl.cnf.
The key type is unchanged.
Certificate changes:
- Certificate duration is now 10 years
- Organization (subj 'O') is now 'loop' instead of 'loopd' for
lightning-loop to simplify the code.
For reference, the org. name in auto-generated loop certs is
"loop autogenerated cert".
- The certificate now includes all default x509v3 extensions.
These were previously restricted to just `subjectAltName` by openssl.cnf.
We now use the openssl defaults for simplicity.
|
||
|---|---|---|
| .. | ||
| default.nix | ||
| generate-secrets.sh | ||
| update-and-generate.nix | ||
| update-secrets.sh | ||