URL: https://github.com/freeipa/freeipa/pull/1855 Author: flo-renaud Title: #1855: ipa-advise config-server-for-smart-card-auth: use mod-ssl Action: opened
PR body: """ ipa-advise config-server-for-smart-card-auth produces a script that was still using /etc/httpd/conf.d/nss.conf instead of /etc/httpd/conf.d/ssl.conf for setting the Apache SSLOCSPEnable Directive. The fix replaces references to nss.conf with ssl.conf. https://pagure.io/freeipa/issue/7515 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1855/head:pr1855 git checkout pr1855
From 30b59609ca6de331614feea83e7c13c06a597fce Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Wed, 25 Apr 2018 18:28:34 +0200 Subject: [PATCH] ipa-advise config-server-for-smart-card-auth: use mod-ssl ipa-advise config-server-for-smart-card-auth produces a script that was still using /etc/httpd/conf.d/nss.conf instead of /etc/httpd/conf.d/ssl.conf for setting the Apache SSLOCSPEnable Directive. The fix replaces references to nss.conf with ssl.conf. https://pagure.io/freeipa/issue/7515 --- ipaserver/advise/plugins/smart_card_auth.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ipaserver/advise/plugins/smart_card_auth.py b/ipaserver/advise/plugins/smart_card_auth.py index 1c79e4c85c..1967cfe3c2 100644 --- a/ipaserver/advise/plugins/smart_card_auth.py +++ b/ipaserver/advise/plugins/smart_card_auth.py @@ -92,8 +92,8 @@ class config_server_for_smart_card_auth(common_smart_card_auth_config): "Smart Card auth requests. To enable the feature in the " "whole topology you have to run the script on each master") - nss_conf = paths.HTTPD_NSS_CONF - nss_ocsp_directive = OCSP_DIRECTIVE + ssl_conf = paths.HTTPD_SSL_CONF + ssl_ocsp_directive = OCSP_DIRECTIVE kdc_service_name = services.knownservices.krb5kdc.systemd_name def get_info(self): @@ -102,7 +102,7 @@ def get_info(self): self.check_ccache_not_empty() self.check_hostname_is_in_masters() self.resolve_ipaca_records() - self.enable_nss_ocsp() + self.enable_ssl_ocsp() self.restart_httpd() self.record_httpd_ocsp_status() self.check_and_enable_pkinit() @@ -141,8 +141,8 @@ def resolve_ipaca_records(self): 'ipa-ca record pointing to IP addresses of IPA CA masters' ]) - def enable_nss_ocsp(self): - self.log.comment('look for the OCSP directive in nss.conf') + def enable_ssl_ocsp(self): + self.log.comment('look for the OCSP directive in ssl.conf') self.log.comment(' if it is present, switch it on') self.log.comment( 'if it is absent, append it to the end of VirtualHost section') @@ -166,7 +166,7 @@ def enable_nss_ocsp(self): def _interpolate_ocsp_directive_file_into_command(self, fmt_line): return self._format_command( - fmt_line, self.nss_ocsp_directive, self.nss_conf) + fmt_line, self.ssl_ocsp_directive, self.ssl_conf) def _format_command(self, fmt_line, directive, filename): return fmt_line.format(directive=directive, filename=filename)
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
