- multiple SSL cert files can now be added to the MRCI_PUB_KEY env variable
via colon separated ':' path strings to complete the cert chain if such
a thing is required. It is no longer necessary to merge multiple
certs into one to complete a cert chain.
- added -load_ssl command line option so cert data can be re-loaded in
real time without the need to stop-start the host.
- added more detailed error messages to the SSL loading process for
easier debugging.
- major changes to the build system include the use of python scripts
instead of the linux shell script file.
- linux_build.sh was removed since it is no longer needed.
- the new build process now runs 2 python scripts: build.py and then
install.py.
- the resulting installer if built no longer uses makeself. the
installation and/or self extracting process is now handled entirely
by python and the install.py script.
The main reason for this change is to lay the ground work for multi-
platform support. It is still linux only for now but adding windows
support will be much easier in the future thanks to python's cross-
platform support.
- SSL certs are no longer stored in the host database. This was
done not only for security reasons but there is simply no need
to do such a thing anymore.
- The host will no longer support multiple SSL certs and will instead
have just a single cert for all TCP connections. This required a
change to the client header format that simply replaced the
common name with padding. The host will also no longer send the
HOST_CERT type id during session initialization. HOST_CERT was
also removed as a type id.
- The cert and private key are now pointed to files in the local
file system by the environment variables: MRCI_PRIV_KEY and
MRCI_PUB_KEY.
- The host will still create a default self-signed cert if a valid
cert and private key is not defined in the above environmental
vars. Since the host only supports single certs now, the default
cert needed to be expanded to include subject alternative names.
The host will try to detect its WAN IP address using ipify.org
and then assign SANs for all detected local LAN interfaces.
- Since the cert is now handled by environmental vars and nothing
related to it is stored in the database, all the core commands
related to cert management were removed.
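
A pre-flight check for the MRCI_PUB_KEY / MRCI_PRIV_KEY settings described above, useful to run before a reload with -load_ssl. This is an added example, not code from the MRCI project: the function name preflight is hypothetical, and it assumes the files are PEM encoded and that the private key should be readable by its owner only, neither of which is stated in these notes.

```python
import os
import re
import stat

# Assumption: cert and key files are PEM encoded.
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")


def _read(path):
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        return fh.read()


def preflight(pub_value, priv_value):
    """Return a list of problems found in MRCI_PUB_KEY / MRCI_PRIV_KEY values."""
    problems = []
    # MRCI_PUB_KEY may hold several paths separated by ':' to form the chain.
    cert_paths = pub_value.split(":") if pub_value else []
    if not cert_paths:
        problems.append("MRCI_PUB_KEY is empty")
    for path in cert_paths:
        if not path:
            problems.append("MRCI_PUB_KEY has an empty path entry (stray ':')")
        elif not os.path.isfile(path):
            problems.append(f"cert file not found: {path}")
        else:
            text = _read(path)
            if not CERT_RE.search(text):
                problems.append(f"no PEM certificate block in: {path}")
            # A key pasted into a cert file tends to end up widely readable.
            if KEY_RE.search(text):
                problems.append(f"private key material inside cert file: {path}")
    if not priv_value or not os.path.isfile(priv_value):
        problems.append(f"private key file not found: {priv_value!r}")
    else:
        if not KEY_RE.search(_read(priv_value)):
            problems.append(f"no PEM private key block in: {priv_value}")
        # Assumed hardening rule: no group/other permission bits on the key.
        mode = stat.S_IMODE(os.stat(priv_value).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"private key readable beyond owner (mode {mode:o}): {priv_value}")
    return problems


if __name__ == "__main__":
    for issue in preflight(os.environ.get("MRCI_PUB_KEY", ""), os.environ.get("MRCI_PRIV_KEY", "")):
        print("WARN:", issue)
```

The check only looks at file presence, PEM markers and permission bits; it does not verify that the certs actually chain to each other or match the key.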