freeipa

Clone
Source Code
GIT

d2d487b Set the ACME baseURL in order to pin a client to a single IPA server

1 file Authored by rcritten 3 years ago, Committed by abbra 3 years ago,
raw patch tree parent
1 file changed. 2 lines added. 0 lines removed.
install/share/pki-acme-engine.conf.template
file modified
+2 -0 
    Set the ACME baseURL in order to pin a client to a single IPA server
    
    ACME uses nonce values to prevent replay attacks. Since the
    ipa-ca name can go to any of the IPA servers in order to verify the
    nonce the servers need to know the value that was set which
    relies on replication. Sometimes the client is faster than
    replication so a request can fail.
    
    This change returns the baseURL to the client as the name of the
    ACME server during discovery which should pin all requests to this
    one IPA server and alleviate the replication issue.
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    
    https://pagure.io/freeipa/issue/8712
    
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
file modified
+2 -0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.