Project

Profile

Help

Issue #475

closed

Deprecate the [server] ssl_ca_certificate setting, replacing with a new CA path setting

Added by rbarlow over 9 years ago. Updated over 4 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Master
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

We currently have a setting in the [server] section of server.conf called ssl_ca_certificate. It must be a path to a specific CA certificate that is used for consumer yum repo files to validate that the Yum repository's SSL certificate is trusted.

Unfortunately there is also a setting called ca_cert, which is the certificate that Pulp uses to sign client certificates for authentication. These settings have little to do with one another yet have a meaning conflict in their names.

This should be removed. Instead we should have a consumer bool setting (i.e., not in server.conf) that allows the user to specify whether Yum should validate the server's signature with an authority pack. Additionally, a setting for a path to a directory containing certificates should be created so the user can provide their own certificate packs if they wish.

+ This bug was cloned from Bugzilla Bug #1123509 +


Files

Also available in: Atom PDF