Stephen A. Imhoff

Results 147 comments of Stephen A. Imhoff

> How can we trust CAs? Most of the CAs creating certificates self? Example: Let's Encrypt creating certificate for us. Is can access private key because is created. CAs **do...

.... no, you still haven't really solved the problem, because if you're insistent that it's a problem then it's _already_ a problem, and you've been compromised since the beginning, since...

> All certificate authorities I know create the certificate for you ... Since most certificate authorities create the certificate for us, I consider this as a security vulnerability because they...

@rzikm - OP's perception of the problems aside, from a quick glance it doesn't appear that `SslStream` (and thus anything further up the stack) provides any way to set and...

Ah, sorry, my bad. I'd thought that PHA was intended to allow the server to update its certificate.

You can't, I specifically mentioned why in the initial issue description - the port that the server knows about is internal to the container, but may not be the port...

Sure .... although if you start a new (additional) dev session that can mean an edit/debug cycle to update that, since other things might reserve that port.

From which side, rust/tokio, or the OS? I've found some (potential - I haven't tried them yet) rust/tokio examples of how to set this up, but it's somewhat involved, needing...

Alas, I don't know how to do this in C/C++. Generally what happens is that you end up with a systemd socket definition that looks like this: ```shell #Socket file...

Note that from what I posted originally, I believe that in my case I'm not supposed to remove the socket file, since it would be maintained by systemd itself.