Remove dead client CA code
The client CA is only needed to for authentication on the server side, not for authentication on the client side. Therefore remove it from all client login code.
This commit is contained in:
Till Maas
Mike McLean
parent
c54ea3312a
commit
ffcf1a30eb
15 changed files with 19 additions and 36 deletions
|
|
@ -91,8 +91,8 @@ def get_options():
|
|||
help=_("enable hackish workaround for broken networks"))
|
||||
parser.add_option("--cert", default='/etc/koji-gc/client.crt',
|
||||
help=_("Client SSL certificate file for authentication"))
|
||||
parser.add_option("--ca", default='/etc/koji-gc/clientca.crt',
|
||||
help=_("CA cert file that issued the client certificate"))
|
||||
parser.add_option("--ca", default='',
|
||||
help=_("ignored")) # FIXME: remove in next major release
|
||||
parser.add_option("--serverca", default='/etc/koji-gc/serverca.crt',
|
||||
help=_("CA cert file that issued the hub certificate"))
|
||||
parser.add_option("-n", "--test", action="store_true", default=False,
|
||||
|
|
@ -165,7 +165,7 @@ def get_options():
|
|||
['password', None, 'string'],
|
||||
['noauth', None, 'boolean'],
|
||||
['cert', None, 'string'],
|
||||
['ca', None, 'string'],
|
||||
['ca', None, 'string'], # FIXME: remove in next major release
|
||||
['serverca', None, 'string'],
|
||||
['server', None, 'string'],
|
||||
['weburl', None, 'string'],
|
||||
|
|
@ -373,7 +373,7 @@ def activate_session(session):
|
|||
pass
|
||||
elif os.path.isfile(options.cert):
|
||||
# authenticate using SSL client cert
|
||||
session.ssl_login(options.cert, options.ca, options.serverca, proxyuser=options.runas)
|
||||
session.ssl_login(options.cert, None, options.serverca, proxyuser=options.runas)
|
||||
elif options.user:
|
||||
#authenticate using user/password
|
||||
session.login()
|
||||
|
|
|
|||
|
|
@ -727,7 +727,7 @@ def get_options():
|
|||
#XXX should really be called expired_repo_lifetime
|
||||
'sleeptime' : 15,
|
||||
'cert': '/etc/kojira/client.crt',
|
||||
'ca': '/etc/kojira/clientca.crt',
|
||||
'ca': '', # FIXME: unused, remove in next major release
|
||||
'serverca': '/etc/kojira/serverca.crt'
|
||||
}
|
||||
if config.has_section(section):
|
||||
|
|
@ -735,7 +735,7 @@ def get_options():
|
|||
'retry_interval', 'max_retries', 'offline_retry_interval',
|
||||
'max_delete_processes', 'max_repo_tasks_maven', 'delete_batch_size', )
|
||||
str_opts = ('topdir', 'server', 'user', 'password', 'logfile', 'principal', 'keytab', 'krbservice',
|
||||
'cert', 'ca', 'serverca', 'debuginfo_tags', 'source_tags')
|
||||
'cert', 'ca', 'serverca', 'debuginfo_tags', 'source_tags') # FIXME: remove ca here
|
||||
bool_opts = ('with_src','verbose','debug','ignore_stray_repos', 'offline_retry')
|
||||
for name in config.options(section):
|
||||
if name in int_opts:
|
||||
|
|
@ -797,7 +797,7 @@ if __name__ == "__main__":
|
|||
session = koji.ClientSession(options.server,session_opts)
|
||||
if os.path.isfile(options.cert):
|
||||
# authenticate using SSL client certificates
|
||||
session.ssl_login(options.cert, options.ca, options.serverca)
|
||||
session.ssl_login(options.cert, None, options.serverca)
|
||||
elif options.user:
|
||||
# authenticate using user/password
|
||||
session.login()
|
||||
|
|
|
|||
|
|
@ -37,8 +37,5 @@ with_src=no
|
|||
;client certificate
|
||||
;cert = /etc/kojira/client.crt
|
||||
|
||||
;certificate of the CA that issued the client certificate
|
||||
;ca = /etc/kojira/clientca.crt
|
||||
|
||||
;certificate of the CA that issued the HTTP server certificate
|
||||
;serverca = /etc/kojira/serverca.crt
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue