[tor-bugs] #30512 [Circumvention/Snowflake]: Enable cache for ACME certificates in broker
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 20 23:06:14 UTC 2019
#30512: Enable cache for ACME certificates in broker
-------------------------------------+--------------------------------
Reporter: dcf | Owner: (none)
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: arlolra cohosh dcf phw | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+--------------------------------
Comment (by phw):
Replying to [comment:7 dcf]:
> This looks good to me now. I would suggest one further change: change
`letsencrypt-cert-cache` to `acme-cert-cache` for uniformity with other
existing options.
Good point, here you go:
https://github.com/NullHypothesis/snowflake/commit/8cd16ab9cc8db3e646fd09a28c3fbed9791c3b15
> And do we care or should there be a way to disable the cert cache, if
running on a read-only filesystem for example? Maybe `-acme-cert-cache
""`? Or maybe just logging the failure and continuing to run (what the
patch does now) is the best way.
I think not having a certificate cache is worth a warning in any case, so
I'm fine with the current behaviour.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30512#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list