[Erp5-report] r44172 luke - /erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/

nobody at svn.erp5.org nobody at svn.erp5.org
Fri Mar 11 10:34:38 CET 2011 

Author: luke
Date: Fri Mar 11 10:34:38 2011
New Revision: 44172

URL: http://svn.erp5.org?rev=44172&view=rev
Log:
 - return more information which are important from Certificate
   Authority
 - in case of Key Auth Apache accept Certificate Authority configuration
   and do not use global dictionary

Modified:
    erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py

Modified: erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py
URL: http://svn.erp5.org/erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py?rev=44172&r1=44171&r2=44172&view=diff
==============================================================================
--- erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py [utf8] (original)
+++ erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py [utf8] Fri Mar 11 10:34:38 2011
@@ -243,6 +243,8 @@ class Recipe(BaseSlapRecipe):
     return dict(
       login_key=login_key, login_certificate=login_certificate,
       key_auth_key=key_auth_key, key_auth_certificate=key_auth_certificate,
+      ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+      ca_crl=os.path.join(config['ca_dir'], 'crl'),
       certificate_authority_path=config['ca_dir']
     )
 
@@ -491,7 +493,7 @@ SSLRandomSeed connect builtin
           ]))
     return 'https://%(ip)s:%(port)s' % apache_conf
 
-  def installKeyAuthorisationApache(self, ip, port, backend,
+  def installKeyAuthorisationApache(self, ip, port, backend, ca_conf,
       key_auth_path='/erp5/portal_slap'):
     ssl_template = """SSLEngine on
 SSLVerifyClient require
@@ -501,7 +503,7 @@ SSLCertificateKeyFile %(key_auth_key)s
 SSLCACertificateFile %(ca_certificate)s
 SSLCARevocationPath %(ca_crl)s"""
     apache_conf = self._getApacheConfigurationDict('key_auth_apache', ip, port)
-    apache_conf['ssl_snippet'] = ssl_template % CONFIG
+    apache_conf['ssl_snippet'] = ssl_template % ca_conf
     prefix = 'ssl_key_auth_apache'
     rewrite_rule_template = \
       "RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
@@ -530,9 +532,9 @@ SSLCARevocationPath %(ca_crl)s"""
         __name__ + '.apache', 'runApache')], self.ws,
           sys.executable, self.wrapper_directory, arguments=[
             dict(
-              required_path_list=[CONFIG['key_auth_certificate'],
-                CONFIG['key_auth_key'], CONFIG['ca_certificate'],
-                CONFIG['ca_crl']],
+              required_path_list=[ca_conf['key_auth_certificate'],
+                ca_conf['key_auth_key'], ca_conf['ca_certificate'],
+                ca_conf['ca_crl']],
               binary=self.options['httpd_binary'],
               config=apache_config_file
             )

More information about the Erp5-report mailing list