Project

Profile

Help

Task #1970

remove some ssl settings from server.conf

Added by mhrivnak over 4 years ago. Updated over 1 year ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

These settings should be removed from the "[security]" section of /etc/pulp/server.conf in the next X release of pulp:

cacert
cakey
ssl_ca_certificate

"cacert" and "cakey" are only used by pulp to sign client certs for use with the REST API. The common case is to use them during the "login" operation. The user should never need to change this cert or key, so pulp can just generate them without it being configurable.

"ssl_ca_certificate" is only known at this point to be used for finding the CA that should be installed on a consumer, and setup for yum to use when accessing content. That entire feature set is going away in pulp 3.0.

This was discussed just now in a TLS debrief from rbarlow.

History

#1 Updated by bmbouter over 1 year ago

  • Status changed from NEW to CLOSED - WONTFIX

#2 Updated by bmbouter over 1 year ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#3 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF