[Freeipa-devel] [freeipa PR#874][opened] Changing cert-find to go through the proxy instead of using the port 8080

Wed, 14 Jun 2017 14:09:06 -0700 

   URL: https://github.com/freeipa/freeipa/pull/874
Author: felipevolpone
 Title: #874: Changing cert-find to go through the proxy instead of using the 
port 8080
Action: opened

PR body:
"""
The cert-find command now uses the proxy to reach Dogtag, instead of using the 
port 8080. In order to accomplish that, it's necessary to change the proxy 
configuration adding the service URL.

Ticket: https://pagure.io/freeipa/issue/6966
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/874/head:pr874
git checkout pr874

From 4072343accc93fd545391fe74bd969af0e88e10d Mon Sep 17 00:00:00 2001
From: Felipe Volpone <felipevolp...@gmail.com>
Date: Wed, 14 Jun 2017 17:52:18 -0300
Subject: [PATCH] Changing cert-find to go through the proxy instead of using
 the port 8080

The cert-find command now uses the proxy to reach Dogtag, instead of using
the port 8080. In order to accomplish that, it's necessary to change the
proxy configuration including the URL called.

https://pagure.io/freeipa/issue/6966
---
 install/conf/ipa-pki-proxy.conf | 2 +-
 ipaserver/plugins/dogtag.py     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf
index b48a3020d2..8a8eaa7f3f 100644
--- a/install/conf/ipa-pki-proxy.conf
+++ b/install/conf/ipa-pki-proxy.conf
@@ -27,7 +27,7 @@ ProxyRequests Off
 </LocationMatch>
 
 # matches for CA REST API
-<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/installer/installToken|^/ca/rest/securityDomain/domainInfo|^/ca/rest/securityDomain/installToken|^/ca/rest/profiles|^/ca/rest/authorities|^/ca/rest/certrequests|^/ca/rest/admin/kraconnector/remove">
+<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/installer/installToken|^/ca/rest/securityDomain/domainInfo|^/ca/rest/securityDomain/installToken|^/ca/rest/profiles|^/ca/rest/authorities|^/ca/rest/certrequests|^/ca/rest/admin/kraconnector/remove|^/ca/rest/certs/search">
     NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
     NSSVerifyClient optional
     ProxyPassMatch ajp://localhost:$DOGTAG_PORT
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index bddaab58a5..0e68de6219 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1903,7 +1903,7 @@ def convert_time(value):
         self.debug('%s.find(): request: %s', type(self).__name__, payload)
 
         url = 'http://%s/ca/rest/certs/search?size=%d' % (
-            ipautil.format_netloc(self.ca_host, 8080),
+            ipautil.format_netloc(self.ca_host, 80),
             options.get('sizelimit', 0x7fffffff))
 
         opener = urllib.request.build_opener()

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to