[pkg-lua-devel] SSL certificate (and virtual host examples) in Prosody package

Sergei Golovan sgolovan at gmail.com
Sun May 13 09:16:42 UTC 2012


Hi!

Just a few thoughts on working with the default self-signed
certificates in Prosody:

1) Our autogenerated SSL certificate is listed in the main config as
the default certificate. Do we really want to encourage users to use
the self-signed certificate for purposes other than as an example?

I'd suggest commenting out the ssl options and adding this certificate to
conf.d/localhost.cfg.lua.

2) Generating our own certificate is error-prone (there are already a
few bug reports on it, see [1], [2]).

I'd suggest using the snakeoil certificate from the ssl-cert package,
which is a self-signed certificate generated for all programs that
need one.

3) Also, I'd like to move symlinking to
/etc/prosody/conf.d/localhost.cfg.lua to a postinst script (and not
symlink at all on upgrade) because currently the local admin can't
remove the symlink permanently (it'll reappear after the update).

4) Currently, we have virtual host 'example.com' in the main config
and in an example config in /etc/prosody/conf.avail. Would it be
better to remove (or comment out) the one in the main config file?

Thoughts?

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638027 (it's
invalid though)
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645853

Cheers!

-- 
Sergei Golovan
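
The following sketch is an added example, not part of the original message and not the Prosody package's own maintainer script. It illustrates point 3: create the conf.d symlink only on a fresh install, so that an admin's removal of the localhost virtual host (and its self-signed certificate) survives upgrades. The function name, the `PROSODY_ETC` override and the symlink target under conf.avail are assumptions.

```shell
#!/bin/sh
# Added example: postinst logic that enables the localhost vhost once.
# PROSODY_ETC is an assumed override so the logic can be tried outside /etc.
PROSODY_ETC="${PROSODY_ETC:-/etc/prosody}"

# enable_localhost_vhost ACTION [OLD_VERSION]   (hypothetical helper)
# dpkg runs postinst as "configure <old-version>"; <old-version> is empty
# on a fresh install and non-empty when an earlier version was configured.
enable_localhost_vhost() {
    action="${1:-}"
    old_version="${2:-}"
    link="$PROSODY_ETC/conf.d/localhost.cfg.lua"
    # Assumed location of the example vhost file, relative to conf.d.
    target="../conf.avail/localhost.cfg.lua"

    # Only act during configuration, not abort-* or other actions.
    [ "$action" = "configure" ] || return 0

    # Upgrade: leave conf.d untouched so a deliberate removal sticks.
    [ -z "$old_version" ] || return 0

    # Never overwrite what is already there, including a dangling link.
    if [ -e "$link" ] || [ -L "$link" ]; then
        return 0
    fi

    mkdir -p "$PROSODY_ETC/conf.d"
    ln -s "$target" "$link"
}

# In a real postinst this would be invoked as:
#   enable_localhost_vhost "$@"
```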
