389-ds-base

Clone
Source Code
GIT

60ae321 Ticket 50889 - Extract pem files into a private namespace

Authored and Committed by tbordaz 4 years ago
raw patch tree parent
8 files changed. 211 lines added. 71 lines removed.
ldap/admin/src/scripts/dscreate.map.in
file modified
+1 -0
ldap/servers/slapd/back-ldbm/misc.c
file modified
+0 -65
ldap/servers/slapd/ldaputil.c
file modified
+11 -1
ldap/servers/slapd/slapi-private.h
file modified
+2 -0
ldap/servers/slapd/ssl.c
file modified
+130 -5
ldap/servers/slapd/util.c
file modified
+65 -0
src/lib389/lib389/instance/setup.py
file modified
+1 -0
wrappers/systemd.template.service.in
file modified
+1 -0 
    Ticket 50889 - Extract pem files into a private namespace
    
    Bug Description:
    	since 1.3.5, certificates and keys are, by default, extracted under
    	nsslapd-certdir directory. They are exracted in pem files.
    
    	Some pem files (i.e. Serv-Cert-Key.pem) contain sensitive.
    	The ticket is to extract them into a private namespace specific
    	to the DS process.
    
    Fix Description:
    	If the process is started with systemd, it uses the PrivateTmp=on
    	directive to create a private namespace.
    	Then if such private namespace exists DS extracts the certificates/keys
    	under it. Else it extracts the PEM files under usual nsslapd-certdir directory
    
    https://pagure.io/389-ds-base/issue/50889
    
    Reviewed by: William Brown
    
    Platforms tested: F30
    
    Doc impact: yes
file modified
+1 -0
file modified
+0 -65
file modified
+11 -1
file modified
+2 -0
file modified
+130 -5
file modified
+65 -0
file modified
+1 -0
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.