From: Sebastien Marie <semarie@kapouay.eu.org>
Subject: Re: /etc/ssl/cert.pem : concatenate system and local files
To: Lloyd <ng2d68@proton.me>
Cc: tech@openbsd.org
Date: Fri, 22 May 2026 22:07:58 +0200

Lloyd <ng2d68@proton.me> writes:

> I like this idea but I think the diff is broken.
>
> Initial comments:
>
> 1. mktemp fails - shouldn't it be -p not -t?

right.

> 2. the generated cert.pem has permissions 0600 root:wheel in my
> testing, it needs to be world-readable, should it be 0444 root:bin?

right too.

> 3. I would think cert.local.pem should have 0644 perms

it isn't a problem in the diff. it only looks at whether the file is readable.

> 4. With this tucked away into /etc/rc, what is the official update
> procedure to regenerate cert.pem when adding a certificate?
>
> 5. where in the man pages do we note the existence of cert.local.pem?

nowhere at this stage. the diff is more a proof-of-concept asking for
comments than something to be committed as is.

Thanks for your comments.
-- 
Sebastien Marie