Add directives for ssl certificates

This commit adds a new extension cacert with implementations of two new
directives: sslcert to define a SSL certificate in place where it is
used and sslcertlist to automatically generate an alphabetically sorted
list of certificates.

The certlist.rst has been modified to use the sslcertlist directive,
while the systems/blog.rst and systems/board.rst have been modified to
use the sslcert directives for defining the certificates.

Note: The extension is far from ready and does not support some common
cases (same certificates on multiple nodes, indexing, backlinks from
certificates to certificate list).

1 files changed, 7 insertions, 4 deletions

diff --git a/docs/systems/blog.rst b/docs/systems/blog.rst
index 38bb50d..e216a85 100644
--- a/docs/systems/blog.rst
+++ b/docs/systems/blog.rst
@@ -280,11 +280,14 @@ Critical Configuration items
 Keys and X.509 certificates
 ---------------------------
 
-.. index::
-   single: Certificate; Blog
+.. sslcert:: blog.cacert.org
+   :certfile:   /etc/ssl/public/blog.cacert.org.crt
+   :keyfile:    /etc/ssl/private/blog.cacert.org.key
+   :serial:     11e837
+   :expiration: Mar 31 16:34:28 2018 GMT
+   :sha1fp:     69:A5:5F:3E:1B:D8:2E:CB:B3:AB:0B:E9:81:A6:CF:31:DF:C8:A4:5F
+   :issuer:     CAcert.org Class 1 Root CA
 
-* :file:`/etc/ssl/public/blog.cacert.org.crt` server certificate
-* :file:`/etc/ssl/private/blog.cacert.org.key` server key
 * :file:`/etc/ssl/certs/cacert.org/` directory containing CAcert.org Class 1
   and Class 3 certificates (allowed CA certificates for client certificates)
   and symlinks with hashed names as expected by OpenSSL