Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Seperate out CFSSL server components from cf_impl_cfssl
See original GitHub issueCurrently CFSSL is automatically set up and run from ca_impl_cfssl.py
I think we should separate out the server components start_cfssl and stop_cfssl and instead just have the ip and port configurable and the operator runs their own cfssl instance wherever they like (it might be on a different host to the keylime_verifier), perhaps behind its own firewall etc. Either way I don’t think it should not be possible to run it separately.
In time we should also look to make CA’s plugable, so different PKI systems can be utilised.
@jetwhiz @nabilschear - any objections to the above? If not I will give it a key_feature label.
Issue Analytics
- State:
- Created 4 years ago
- Comments:7 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
i think this sounds like a great idea. We were trying to make the cert support pluggable already, but it was mostly to fix the limitations of openssl (i.e., no crl support in m2crypto). A new look at what the interface should look like might be in order.
#1012 removed CFSSL support.