diff options
| author | Mohit Agrawal <moagrawa@redhat.com> | 2018-03-14 09:37:52 +0530 |
|---|---|---|
| committer | Jeff Darcy <jeff@pl.atyp.us> | 2018-03-19 19:00:03 +0000 |
| commit | cf06dd544004701ef43fa81c5b7a95353d5c1d65 (patch) | |
| tree | 7f52598cb402269c781d020686886bf28c481232 /api | |
| parent | de52876407040a8cae9656ede9f66084d4cb45ac (diff) | |
| download | glusterfs-cf06dd544004701ef43fa81c5b7a95353d5c1d65.tar.gz glusterfs-cf06dd544004701ef43fa81c5b7a95353d5c1d65.tar.xz glusterfs-cf06dd544004701ef43fa81c5b7a95353d5c1d65.zip | |
glusterd: TLS verification fails while using intermediate CA
Problem: TLS verification fails while using intermediate CA
if mgmt SSL is enabled.
Solution: There are two main issue of TLS verification failing
1) not calling ssl_api to set cert_depth
2) The current code does not allow to set certificate depth
while MGMT SSL is enabled.
After apply this patch to set certificate depth user
need to set parameter option transport.socket.ssl-cert-depth <depth>
in /var/lib/glusterd/secure_acccess instead to set in
/etc/glusterfs/glusterd.vol. At the time of set secure_mgmt in ctx
we will check the value of cert-depth and save the value of cert-depth
in ctx.If user does not provide any value in cert-depth in that case
it will consider default value is 1
BUG: 1555154
Change-Id: I89e9a9e1026e37efb5c20f9ec62b1989ef644f35
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
Diffstat (limited to 'api')
| -rw-r--r-- | api/src/glfs-mgmt.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/api/src/glfs-mgmt.c b/api/src/glfs-mgmt.c index f709b54d49..229caa9877 100644 --- a/api/src/glfs-mgmt.c +++ b/api/src/glfs-mgmt.c @@ -1040,6 +1040,7 @@ glfs_mgmt_init (struct glfs *fs) if (sys_access (SECURE_ACCESS_FILE, F_OK) == 0) { ctx->secure_mgmt = 1; + ctx->ssl_cert_depth = glusterfs_read_secure_access_file (); } rpc = rpc_clnt_new (options, THIS, THIS->name, 8); |