Add pkispawn option to disable Master CRL. This is useful in the migration case.
Please review, Ade
From fe1e82ff8f0e89c0c359064cfb749ae475125c2a Mon Sep 17 00:00:00 2001 From: Ade Lee <[email protected]> Date: Wed, 3 Aug 2016 23:55:53 -0400 Subject: [PATCH] Add pkispawn option to disable Master CRL --- base/ca/shared/conf/CS.cfg | 2 +- base/server/config/pkislots.cfg | 1 + base/server/etc/default.cfg | 1 + base/server/python/pki/server/deployment/pkiparser.py | 4 ++++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg index 68e79a48f650c6d39d0324c071c2f3b7e9d74515..3beb45c5392427dec411fda0bb12769b9d279f43 100644 --- a/base/ca/shared/conf/CS.cfg +++ b/base/ca/shared/conf/CS.cfg @@ -578,7 +578,7 @@ ca.crl.MasterCRL.unexpectedExceptionLoopMax=10 ca.crl.MasterCRL.class=com.netscape.ca.CRLIssuingPoint ca.crl.MasterCRL.dailyUpdates=1:00 ca.crl.MasterCRL.description=CA's complete Certificate Revocation List -ca.crl.MasterCRL.enable=true +ca.crl.MasterCRL.enable=[MASTER_CRL_ENABLE] ca.crl.MasterCRL.enableCRLCache=true ca.crl.MasterCRL.enableCRLUpdates=true ca.crl.MasterCRL.enableCacheTesting=false diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg index 3873b83652e9fd0c9849dafcb1c50dcf5613e5c5..d806c1fbfd6fe430b4ca9adf4a88a666aae2acea 100644 --- a/base/server/config/pkislots.cfg +++ b/base/server/config/pkislots.cfg @@ -1,6 +1,7 @@ [Tomcat] application_version=[APPLICATION_VERSION] INSTALL_TIME_SLOT=[INSTALL_TIME] +MASTER_CRL_ENABLE_SLOT=[MASTER_CRL_ENABLE] NUXWDOG_JNI_PATH_SLOT=[NUXWDOG_JNI_PATH] PKI_ADMIN_SECURE_PORT_SLOT=[PKI_ADMIN_SECURE_PORT] PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT=[PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME] diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 24e4a43ff9007dd77c8794c7198c7eb96059ead9..cfbd289cc880db3bf4ed836f7dabc5168365bfd0 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -335,6 +335,7 @@ pki_ds_database=%(pki_instance_name)s-CA pki_ds_hostname=%(pki_hostname)s pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s pki_share_db=False +pki_master_crl_enable=True # Default OCSP URI added by AuthInfoAccessExtDefault if the profile # config is blank. If both are blank, the value is constructed diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 3e5d35575abf7b65e881211cba4b4db880bf35d8..115f3ca4506fec310ae1e5e88ccb0ecb0c4c609b 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -946,6 +946,10 @@ class PKIConfigParser: self.mdict['SERVER_KEYGEN_SLOT'] = \ self.mdict['pki_enable_server_side_keygen'] + if self.mdict['pki_subsystem'] == "CA": + self.mdict['MASTER_CRL_ENABLE_SLOT'] = \ + self.mdict['pki_master_crl_enable'] + self.mdict['TOMCAT_CFG_SLOT'] = \ self.mdict['pki_target_tomcat_conf'] self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \ -- 2.4.3
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
