Project

Profile

Help

Issue #624

/etc/httpd/conf.d/pulp.conf sets SSLCACertificateFile

Added by rbarlow almost 7 years ago. Updated over 1 year ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
2.4.0
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Description of problem:
/etc/httpd/conf.d/pulp.conf sets mod_ssl's SSLCACertificateFile directive. This directive is also defined in /etc/httpd/conf.d/ssl.conf, and is inappropriate for Pulp to claim in our pulp.conf namespace. Pulp does this so that it can use auto-generated client certificates with the /login/ call. Pulp relies on httpd to check client certificates against the CA defined in this directive.

We should change the /login/ call to work differently (i.e., not rely on a CA) and stop overriding this setting in our config file.

Version-Release number of selected component (if applicable):
2.4.0-1

How reproducible:
Every time.

Steps to Reproduce:
1. Is SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf?

Actual results:
Yes.

Expected results:
No.

+ This bug was cloned from Bugzilla Bug #1165407 +

History

#1 Updated by amacdona@redhat.com almost 7 years ago

  • Platform Release deleted (3.0.0)

#2 Updated by bmbouter over 6 years ago

  • Severity changed from Medium to 2. Medium

#3 Updated by bmbouter over 2 years ago

  • Status changed from NEW to CLOSED - WONTFIX

#4 Updated by bmbouter over 2 years ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#5 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

#6 Updated by bmbouter over 1 year ago

  • Category deleted (14)

We are removing the 'API' category per open floor discussion June 16, 2020.

Please register to edit this issue

Also available in: Atom PDF