Instead we will the use the CA certificate provided by the
ca-certificates packages, which is now a mandatory depency of
pve-manager since 35e0ea9a1d and
pve-manager 3.4-15. This change allows us in the future to
use different CA for our https repositories.
This changed has been tested OK with the following combination:
* https repository using a StartCom certificate: works
* https repository using a Let's encrypt certificate: works
User visible changes:
* none : the new configuration file 75pveconf silently
overwrites the olderone, except if local changes were made
in which case you're presented with the traditional debian menu
(keep local/ use packager version/ diff / open a shell)
Cherry-Picked-By: f.gruenbichler@proxmox.com (from 4.2)
ca-certificates provides the necessary root ca certificates
to connect to the PVE enterprise repositories
The package was always installed since pve-manager 3.1-13 as an indirect
'Depends:' via liblwp-protocol-https, but could have been missing in previous
versions of pve.
Adding this dependency directly makes it sures that it's available
in each PVE installs no matter what Debian packagers do.
With this package installed we no longer need to ship
our own server CA cert.
To prevent that one time Net:SSL and an outer time IO::Socket::SSL is loaded,
ensure that always use the same socket class.
We load the the Net:SSL in AccessControl.pm if we call pveupdate,
but if we call pveam update this module is not loaded an so the default is used (IO::Socket::SSL).
avoid to init the rrd with default timeframe,
then reload with timefrom state manager
this avoid to reload twice the rrds
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
