#2627 hub: remove global SSLVerifyClient option
Merged a year ago by tkopecek. Opened a year ago by ktdreyer.

file modified
-8
@@ -48,14 +48,6 @@ 

  #         SSLOptions +StdEnvVars

  # </Location>

  

- # If you need to support koji < 1.4.0 clients using SSL authentication, then use the following instead:

- # <Location /kojihub>

- #         SSLOptions +StdEnvVars

- # </Location>

- # In this case, you will need to enable these options globally (in ssl.conf):

- # SSLVerifyClient require

- # SSLVerifyDepth  10

- 

  # uncomment this to enable authentication via GSSAPI

  # <Location /kojihub/ssllogin>

  #         AuthType GSSAPI

Stop recommending that clients set SSLVerifyClient require globally on the hub httpd server.

In the latest versions of the koji CLI, we perform many RPCs anonymously in order to improve performance, and this is incompatible with hubs that enforce SSLVerifyClient require globally.

Fixes: https://pagure.io/koji/issue/2582

Metadata Update from @tkopecek:
- Pull-request tagged with: no_qe

a year ago

Commit b3f548f fixes this pull-request

Pull-Request has been merged by tkopecek

a year ago