- return more information which are important from Certificate

Authority - in case of Key Auth Apache accept Certificate Authority configuration and do not use global dictionary git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@44172 20353a03-c40f-0410-a6d1-a30d3c3de9de

- return more information which are important from Certificate
Authority - in case of Key Auth Apache accept Certificate Authority configuration and do not use global dictionary git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@44172 20353a03-c40f-0410-a6d1-a30d3c3de9de
05445f0a · Łukasz Nowak · 035e1b8b · 05445f0a
Commit 05445f0a authored Mar 11, 2011 by Łukasz Nowak
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

slapos/recipe/erp5/src/slapos/recipe/erp5/__init__.py slapos/recipe/erp5/src/slapos/recipe/erp5/__init__.py +7 -5

No files found.
--- a/slapos/recipe/erp5/src/slapos/recipe/erp5/__init__.py
+++ b/slapos/recipe/erp5/src/slapos/recipe/erp5/__init__.py
@@ -243,6 +243,8 @@ class Recipe(BaseSlapRecipe):
    return dict(
      login_key=login_key, login_certificate=login_certificate,
      key_auth_key=key_auth_key, key_auth_certificate=key_auth_certificate,
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
      certificate_authority_path=config['ca_dir']
    )

@@ -491,7 +493,7 @@ SSLRandomSeed connect builtin
          ]))
    return 'https://%(ip)s:%(port)s' % apache_conf

-  def installKeyAuthorisationApache(self, ip, port, backend,
+  def installKeyAuthorisationApache(self, ip, port, backend, ca_conf,
      key_auth_path='/erp5/portal_slap'):
    ssl_template = """SSLEngine on
 SSLVerifyClient require
@@ -501,7 +503,7 @@ SSLCertificateKeyFile %(key_auth_key)s
 SSLCACertificateFile %(ca_certificate)s
 SSLCARevocationPath %(ca_crl)s"""
    apache_conf = self._getApacheConfigurationDict('key_auth_apache', ip, port)
-    apache_conf['ssl_snippet'] = ssl_template % CONFIG
+    apache_conf['ssl_snippet'] = ssl_template % ca_conf
    prefix = 'ssl_key_auth_apache'
    rewrite_rule_template = \
      "RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
@@ -530,9 +532,9 @@ SSLCARevocationPath %(ca_crl)s"""
        __name__ + '.apache', 'runApache')], self.ws,
          sys.executable, self.wrapper_directory, arguments=[
            dict(
-              required_path_list=[CONFIG['key_auth_certificate'],
-                CONFIG['key_auth_key'], CONFIG['ca_certificate'],
-                CONFIG['ca_crl']],
+              required_path_list=[ca_conf['key_auth_certificate'],
+                ca_conf['key_auth_key'], ca_conf['ca_certificate'],
+                ca_conf['ca_crl']],
              binary=self.options['httpd_binary'],
              config=apache_config_file
            )