From: Juliusz Chroboczek
To: galene@lists.galene.org
Date: Fri, 26 Feb 2021 19:21:29 +0100
Message-ID: <87k0quitau.wl-jch@irif.fr>
Subject: [Galene] ANNOUNCE: Galène 0.3.1

Dear all,

Version 0.3.1 of the Galène videoconferencing server is available from

    git clone -b galene-0.3.1 https://github.com/jech/galene

For more information about Galène, please see

    https://galene.org

Just a very minor revision, in order to give a stable version number to packagers.

We now notice when the TLS certificate has changed on disk, and reload it with no service interruption. If no TLS certificate is present (neither key.pem nor cert.pem files are present), we automatically generate a self-signed certificate.

In order to rotate the TLS certificate, just move the new certificate over the old one, taking care to use the right permissions:

    sudo chown galene:galene cert.pem key.pem
    sudo chmod go-r key.pem
    sudo mv cert.pem key.pem ~galene/data/

Since the certificate is stored in two files, there exists a small window of time when the cert.pem and key.pem don't match. If you're very unlucky, a user may choose to connect during that window; in that case, the user will receive an "Internal server error", and the issue will be duly logged.
The user will recover as soon as they hit Reload.

26 February 2021: Galène 0.3.1

  * We now notice when the TLS certificate has changed on disk, which can
    therefore be rotated without a restart.
  * We now generate a self-signed certificate if none is found on disk.