Open totaam opened 1 week ago
The only downside is that in my experience, mkcert is easier to manage - at least for local testing.
Package a go dependency? šš¤£
Package a go dependency? šš¤£
No chance, but depending on a mkcert
package wouldn't be too bad. Except there isn't one for RPM, so that's a non-starter.
It would be neat if we could use this to generate a SSL certificate + key on a remote host and install the certificate on the local system.
Without https://github.com/FiloSottile/mkcert, I think you will be re-inventing the wheel š
... especially if you would somehow expect that the package lands on LTSs of all of the OSes you support by "not your actions"
Without https://github.com/FiloSottile/mkcert, I think you will be re-inventing the wheel š
No, for the python client, all the plumbing is already in place for accepting certificates, even the GUI: #3305, #3299
For the html5 client, things are going to be more complicated no matter what - because browsers.
Invoking mkcert
if installed is an option, and showing a warning if it's not.
Suggested in https://github.com/orgs/Xpra-org/discussions/4146#discussioncomment-9975850
This subcommand can be called by the post-installation scripts, simplifying:
Could be very useful for WebTransport - if we can figure out how to make the browsers accept the certificates: https://github.com/Xpra-org/xpra-html5/issues/143#issuecomment-2183972669
The only downside is that in my experience, mkcert is easier to manage - at least for local testing.
We already have #3299 for accepting certificates per-host in the Python client. Perhaps this could be enhanced too: qrencode the certificate hash for easier verification?
It would be neat if we could use this to generate a SSL certificate + key on a remote host and install the certificate on the local system. Something like: