[Erp5-report] r44172 luke - /erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri Mar 11 10:34:38 CET 2011
Author: luke
Date: Fri Mar 11 10:34:38 2011
New Revision: 44172
URL: http://svn.erp5.org?rev=44172&view=rev
Log:
- return more information which are important from Certificate
Authority
- in case of Key Auth Apache accept Certificate Authority configuration
and do not use global dictionary
Modified:
erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py
Modified: erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py
URL: http://svn.erp5.org/erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py?rev=44172&r1=44171&r2=44172&view=diff
==============================================================================
--- erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py [utf8] (original)
+++ erp5/trunk/utils/slapos.recipe.erp5/src/slapos/recipe/erp5/__init__.py [utf8] Fri Mar 11 10:34:38 2011
@@ -243,6 +243,8 @@ class Recipe(BaseSlapRecipe):
return dict(
login_key=login_key, login_certificate=login_certificate,
key_auth_key=key_auth_key, key_auth_certificate=key_auth_certificate,
+ ca_certificate=os.path.join(config['ca_dir'], 'cacert.pem'),
+ ca_crl=os.path.join(config['ca_dir'], 'crl'),
certificate_authority_path=config['ca_dir']
)
@@ -491,7 +493,7 @@ SSLRandomSeed connect builtin
]))
return 'https://%(ip)s:%(port)s' % apache_conf
- def installKeyAuthorisationApache(self, ip, port, backend,
+ def installKeyAuthorisationApache(self, ip, port, backend, ca_conf,
key_auth_path='/erp5/portal_slap'):
ssl_template = """SSLEngine on
SSLVerifyClient require
@@ -501,7 +503,7 @@ SSLCertificateKeyFile %(key_auth_key)s
SSLCACertificateFile %(ca_certificate)s
SSLCARevocationPath %(ca_crl)s"""
apache_conf = self._getApacheConfigurationDict('key_auth_apache', ip, port)
- apache_conf['ssl_snippet'] = ssl_template % CONFIG
+ apache_conf['ssl_snippet'] = ssl_template % ca_conf
prefix = 'ssl_key_auth_apache'
rewrite_rule_template = \
"RewriteRule (.*) http://%(backend)s%(key_auth_path)s$1 [L,P]"
@@ -530,9 +532,9 @@ SSLCARevocationPath %(ca_crl)s"""
__name__ + '.apache', 'runApache')], self.ws,
sys.executable, self.wrapper_directory, arguments=[
dict(
- required_path_list=[CONFIG['key_auth_certificate'],
- CONFIG['key_auth_key'], CONFIG['ca_certificate'],
- CONFIG['ca_crl']],
+ required_path_list=[ca_conf['key_auth_certificate'],
+ ca_conf['key_auth_key'], ca_conf['ca_certificate'],
+ ca_conf['ca_crl']],
binary=self.options['httpd_binary'],
config=apache_config_file
)
More information about the Erp5-report
mailing list