particle-os/debian-koji
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove dead client CA code

Browse source 
The client CA is only needed to for authentication on the server side,
not for authentication on the client side. Therefore remove it from all
client login code.
This commit is contained in:
Till Maas 2015-02-17 19:16:47 +01:00 committed by Mike McLean
parent c54ea3312a
commit ffcf1a30eb
15 changed files with 19 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

4
vm/kojivmd
View file

@ -130,7 +130,7 @@ def get_options():
'offline_retry_interval': 120,
'allowed_scms': '',
'cert': '/etc/kojivmd/client.crt',
'ca': '/etc/kojivmd/clientca.crt',
'ca': '', # FIXME: Remove in next major release
'serverca': '/etc/kojivmd/serverca.crt'}
if config.has_section('kojivmd'):
for name, value in config.items('kojivmd'):
@ -1066,7 +1066,7 @@ if __name__ == "__main__":
if os.path.isfile(options.cert):
try:
# authenticate using SSL client certificates
session.ssl_login(options.cert, options.ca,
session.ssl_login(options.cert, None,
options.serverca)
except koji.AuthError, e:
quit("Error: Unable to log in: %s" % e)

3
vm/kojivmd.conf
View file

@ -50,8 +50,5 @@ from_addr=Koji Build System <buildsys@example.com>
;client certificate
;cert = /etc/kojivmd/client.crt
;certificate of the CA that issued the client certificate
;ca = /etc/kojivmd/clientca.crt
;certificate of the CA that issued the HTTP server certificate
;serverca = /etc/kojivmd/serverca.crt