Actions
Task #1970
closed
remove some ssl settings from server.conf
Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
These settings should be removed from the "[security]" section of /etc/pulp/server.conf in the next X release of pulp:
cacert
cakey
ssl_ca_certificate
"cacert" and "cakey" are only used by pulp to sign client certs for use with the REST API. The common case is to use them during the "login" operation. The user should never need to change this cert or key, so pulp can just generate them without it being configurable.
"ssl_ca_certificate" is only known at this point to be used for finding the CA that should be installed on a consumer, and setup for yum to use when accessing content. That entire feature set is going away in pulp 3.0.
This was discussed just now in a TLS debrief from rbarlow.
Actions
.