
Re: [MirageOS-devel] TLS on Xen

On 15 Jan 2015, at 19:32, Thomas Leonard <talex5@xxxxxxxxx> wrote:
> On 15 January 2015 at 17:58, Thomas Gazagnaire <thomas@xxxxxxxxxxxxxx> wrote:
>>> - It would be good if you could configure an https server directly in
>>> config.ml. Currently, the need to configure it with a certificate and
>>> private key means this step has to go in the unikernel.
>> Would it be possible to do something like for the IP address where we write
>> the IP address in config.ml and then generate main.ml with the same IP
>> printed in (i.e. we "lift" the IP value from the configuration language to
>> the main program)? Is there a way to print a server configuration as a
>> string which can be interpreted as an OCaml value?
> What's the recommended way to store the private key? I don't want it
> in config.ml because that's part of the source repository. I could
> load it there. I can't deploy via a public GitHub repository if the
> binary contains the key, so maybe it should be stored on a block
> device?

At the risk of abusing XenStore too much, it could also be written there
with suitably constrained permissions.  It would still need to be a block
device for normal cloud providers though.

