SSSD / sssd

Clone

720e1a5 secrets: allow to configure certificate check

5 files Authored by pbrezina 7 years ago, Committed by lslebodn 7 years ago,
raw patch tree parent
5 files changed. 149 lines added. 0 lines removed.
src/config/SSSDConfig/__init__.py.in
file modified
+6 -0
src/config/cfg_rules.ini
file modified
+6 -0
src/config/etc/sssd.api.conf
file modified
+6 -0
src/man/sssd-secrets.5.xml
file modified
+76 -0
src/responder/secrets/proxy.c
file modified
+55 -0 
    secrets: allow to configure certificate check
    
    Some users may want to use TLS with unverified peer (for example if
    they use self-signed certificate) or if unverified hostname (if
    certificate hostname does not match with the real hostname). On the
    other side it may be useful to point to a directory containing custom
    certificate authorities.
    
    This patch add three new options to secrets responder:
    verify_peer => peer's certificate must be valid
    verify_host => hostnames must match
    capath => path to directory containing CA certs
    cacert => ca certificate
    cert => client certificate
    key => client private key
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3192
    
    Reviewed-by: Simo Sorce <simo@redhat.com>
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+6 -0
file modified
+6 -0
file modified
+6 -0
file modified
+76 -0
file modified
+55 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.