Nsscash is very careful when deploying the changes:
- All files are updated using the standard "write to temporary file", "sync",
- "rename" steps which is atomic on UNIX file systems.
+ "rename" steps which is atomic on UNIX file systems. The indices are stored
+ in the same file preventing stale data during the update.
- All errors cause an immediate abort ("fail fast") with a proper error
message and a non-zero exit status. This prevents hiding possibly important
errors. In addition all files are fetched first and then deployed to try to
- github.com/BurntSushi/toml
- C compiler, for `libnss_cash.so.2`
-Tested on Debian Stretch and Buster, but should work on any GNU/Linux system.
-With adaptations to the NSS module it should work on any UNIX-like system
-which uses NSS.
+Tested on Debian Buster, but should work on any GNU/Linux system. With
+adaptations to the NSS module it should work on any UNIX-like system which
+uses NSS.
== USAGE
only certificates signed by this CA. Defaults to the system's certificate
store when omitted.
+- `username`/`password`: Username and password sent via HTTP Basic-Auth to the
+ webserver. The configuration file must not be readable by other users when
+ this is used.
+
- `path`: Path to store the retrieved file