Commit b6959875 authored by Titouan Soulard's avatar Titouan Soulard

software/slapos-master: allow disabling CRL check (fixup)

parent dc649be1
Pipeline #33103 failed with stage
in 0 seconds
......@@ -168,7 +168,7 @@ Listen {{ ip }}:{{ port }}
# Custom block we use for now different parameters.
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
{% if parameter_dict['shared-crl'] -%}
{% if 'shared-crl' in parameter_dict -%}
SSLCARevocationCheck chain
SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
{% endif -%}
......
......@@ -4,7 +4,6 @@
{% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
{% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend-caucase-url-list', []) -%}
{% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%}
{% set check_crl = slapparameter_dict.get('check-crl', True) -%}
{#
XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
per partition. No more (undefined result), no less (IndexError).
......@@ -175,7 +174,7 @@ crl = ${apache-conf-ssl:crl}
{% if shared_ca_path -%}
shared-ca-cert = {{ shared_ca_path }}/cacert.pem
{% if check_crl -%}
{% if slapparameter_dict.get('check-crl') -%}
shared-crl = {{ shared_ca_path }}/crl
{%- endif %}
{%- endif %}
......
......@@ -448,6 +448,7 @@ config-monitor-passwd = ${monitor-htpasswd:passwd}
config-ssl = {{ dumps(balancer_dict['ssl']) }}
config-name = ${:name}
config-shared-certificate-authority-path = ${directory:ca-dir}
config-check-crl = {{ dumps(slapparameter_dict.get('check-crl', True)) }}
config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment