Re: Resurrecting --enable-online-update-mar

On 12/21/23 09:49, Stephan Bergmann wrote:
On 12/20/23 22:52, Stephan Bergmann wrote:
On 12/15/23 13:53, Stephan Bergmann wrote:
@Cloph:  We'll need to find a way to specify a certificate there for TDF builds that enable that feature.

...but we'll still need to pass an appropriate --with-online-update-mar-certificateder=... into such builds, ideally for the upcoming LO 24.2.0 RC1 builds.

To make that more explicit:  We need an X509 rsa:2048 cert with which we will sign the update.mar files that we will generate in the future, and now we need a file containing the DER representation of that cert's public key, and we need to pass the pathname for that DER file into the --enable-online-update-mar Windows build with --with-online-update-mar-certificateder=...

(To generate my test cert and DER file, I did something like

$ openssl req -x509 -newkey rsa:2048 ...
$ openssl x509 -outform DER -in cert.pem -out cert.der

and then configured --with-online-update-mar-certificateder=C:/.../cert.der)

Sorry, I made a mistake in the above; with the new code from Mozilla we now need an rsa:4096 cert, not an rsa:2048 one.

For new builds, can you please use a fresh certificate generated with `rsa:4096`?
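
Added example, not part of the original thread or of the LibreOffice build scripts: a pre-flight check that the DER file passed to --with-online-update-mar-certificateder=... really carries an RSA key of the expected size, so a leftover rsa:2048 cert is caught before the build. The function names, the file layout and the `openssl req` options after `-newkey` are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm that the DER file handed to
# --with-online-update-mar-certificateder=... holds an RSA key of the expected size.

# check_mar_cert DER_FILE [BITS]  (hypothetical helper; BITS defaults to 4096)
# Returns 0 on match, 1 on wrong algorithm or size, 2 if the file does not parse.
check_mar_cert() {
    want=${2:-4096}
    text=$(openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null) || {
        echo "$1: not a DER-encoded X.509 certificate" >&2
        return 2
    }
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' || {
        echo "$1: public key is not RSA" >&2
        return 1
    }
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ "$bits" = "$want" ] || {
        echo "$1: RSA key is ${bits:-unknown} bits, expected $want" >&2
        return 1
    }
}

# make_test_cert DIR BITS  (hypothetical helper)
# Writes a throwaway self-signed cert (constructed test data, unencrypted key,
# valid one day) as DIR/cert.pem and DIR/cert.der.
make_test_cert() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey "rsa:$2" -nodes -days 1 \
        -subj "/CN=constructed-mar-test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    openssl x509 -outform DER -in "$1/cert.pem" -out "$1/cert.der"
}

# Command-line use: sh check_mar_cert.sh path/to/cert.der [bits]
if [ "$#" -gt 0 ]; then
    check_mar_cert "$@"
fi
```
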


