From 9d22ad86abe039759b834b630e6e8f97aa56e147 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Wed, 16 Aug 2023 12:48:01 +0300
Subject: [PATCH] CA-related instructions are on www.ca

---
 install.texi | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/install.texi b/install.texi
index 9af1f1a..891ac9d 100644
--- a/install.texi
+++ b/install.texi
@@ -53,8 +53,8 @@ GoGOST is also @command{go get}-able. For example to install
 $ go install go.cypherpunks.ru/gogost/v5/cmd/streebog256@@latest
 @end example
 
-@code{go.cypherpunks.ru} uses @code{ca.cypherpunks.ru} X.509 CA
-authority, that may complicate installation:
+Aware that @code{go.cypherpunks.ru} uses
+@url{//www.ca.cypherpunks.ru, ca.cypherpunks.ru} X.509 certificate authority.
 
 @itemize
 
@@ -63,17 +63,8 @@ services won't be able to verify @code{go.cypherpunks.ru}'s TLS
 authenticity, because there are no common trust anchors. You can skip
 their usage by setting @env{$GOPRIVATE=go.cypherpunks.ru}.
 
-@item You can (temporarily) override CA certificate bundle during installation:
-
-@example
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem.@{asc,sig,minisig@}
-$ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
-$ gpg --auto-key-locate  wkd --locate-keys stargrave at gnupg dot net
-$ gpg --verify cert.pem.asc
-$ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem go get \
-    go.cypherpunks.ru/gogost/v5
-@end example
+@item You can (temporarily) override CA bundle during installation with
+@env{$SSL_CERT_FILE} environment variable.
 
 @item You can unpack tarball somewhere and use @code{replace} command in
 your local @file{go.mod}:
-- 
2.44.0