Commit b6959875 authored by Titouan Soulard's avatar Titouan Soulard

software/slapos-master: allow disabling CRL check (fixup)

parent dc649be1
Pipeline #33063 canceled with stage
in 0 seconds
...@@ -168,7 +168,7 @@ Listen {{ ip }}:{{ port }} ...@@ -168,7 +168,7 @@ Listen {{ ip }}:{{ port }}
# Custom block we use for now different parameters. # Custom block we use for now different parameters.
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }} SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
{% if parameter_dict['shared-crl'] -%} {% if 'shared-crl' in parameter_dict -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
SSLCARevocationPath {{ parameter_dict['shared-crl'] }} SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
{% endif -%} {% endif -%}
......
...@@ -4,7 +4,6 @@ ...@@ -4,7 +4,6 @@
{% set ssl_parameter_dict = slapparameter_dict['ssl'] -%} {% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
{% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend-caucase-url-list', []) -%} {% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend-caucase-url-list', []) -%}
{% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%} {% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%}
{% set check_crl = slapparameter_dict.get('check-crl', True) -%}
{# {#
XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6 XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
per partition. No more (undefined result), no less (IndexError). per partition. No more (undefined result), no less (IndexError).
...@@ -175,7 +174,7 @@ crl = ${apache-conf-ssl:crl} ...@@ -175,7 +174,7 @@ crl = ${apache-conf-ssl:crl}
{% if shared_ca_path -%} {% if shared_ca_path -%}
shared-ca-cert = {{ shared_ca_path }}/cacert.pem shared-ca-cert = {{ shared_ca_path }}/cacert.pem
{% if check_crl -%} {% if slapparameter_dict.get('check-crl') -%}
shared-crl = {{ shared_ca_path }}/crl shared-crl = {{ shared_ca_path }}/crl
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
......
...@@ -448,6 +448,7 @@ config-monitor-passwd = ${monitor-htpasswd:passwd} ...@@ -448,6 +448,7 @@ config-monitor-passwd = ${monitor-htpasswd:passwd}
config-ssl = {{ dumps(balancer_dict['ssl']) }} config-ssl = {{ dumps(balancer_dict['ssl']) }}
config-name = ${:name} config-name = ${:name}
config-shared-certificate-authority-path = ${directory:ca-dir} config-shared-certificate-authority-path = ${directory:ca-dir}
config-check-crl = {{ dumps(slapparameter_dict.get('check-crl', True)) }}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }} config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }} config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }} config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment