rpms/ipa
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Configure CA replication to use TLS instead of SSL

Browse Source
This commit is contained in:
Rob Crittenden 2012-10-12 14:47:17 -04:00
parent 4de47b3304
commit e93bd136ff
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
0001-Use-TLS-for-CA-replication.patch Normal file
View File

@ -0,0 +1,26 @@
From 98fde54c170eb7974afe80403d54747563c8e3be Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 12 Oct 2012 14:35:43 -0400
Subject: [PATCH] Use TLS for CA replication
https://fedorahosted.org/freeipa/ticket/3162
---
ipaserver/install/cainstance.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index aabbba3..f2ac840 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -640,7 +640,7 @@ class CAInstance(service.Service):
"pki_security_domain_hostname": self.master_host,
"pki_security_domain_https_port": "443",
"pki_security_domain_password": self.admin_password,
- "pki_clone_replication_security": "SSL",
+ "pki_clone_replication_security": "TLS",
"pki_clone_uri": \
"https://%s" % ipautil.format_netloc(self.master_host, 443)
}
--
1.7.11.4

8
freeipa.spec
View File

@ -15,7 +15,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: freeipa Name: freeipa
Version: 3.0.0 Version: 3.0.0
Release: 1%{?dist} Release: 2%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
Group: System Environment/Base Group: System Environment/Base
@ -24,6 +24,8 @@ URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: 0001-Use-TLS-for-CA-replication.patch
%if ! %{ONLY_CLIENT} %if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.2.11.14 BuildRequires: 389-ds-base-devel >= 1.2.11.14
BuildRequires: svrcore-devel BuildRequires: svrcore-devel
@ -741,6 +743,10 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-2
- Configure CA replication to use TLS instead of SSL
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-1 * Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-1
- Updated to upstream 3.0.0 GA - Updated to upstream 3.0.0 GA
- Set minimum for samba to 4.0.0-153. - Set minimum for samba to 4.0.0-153.