Actions
Story #4666
closedAs a user I have path checking features for to the X.509 certguard
Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
Tags:
Sprint:
Quarter:
Description
Ticket moved to GitHub: "pulp/pulp-certguard/138":https://github.com/pulp/pulp-certguard/issues/138
Motivation¶
It would be very useful for paths to be put into the x.509 extended attributes to see if this client is authorized to access this specific distribution's content. This way whoever is generating the certs (and their expiration dates) determines the access.
Solution¶
The existing X.509 certguard could automatically be updated to check this correctly. We also need docs with how the openssl tooling can easily make these kind of certs.
How will we ensure path checking is required?¶
A boolean will be added to the X.509 certguard called path_check_required
which will default to False. If True, the certificate check must contain a matching path for the content requested.
Actions