diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-27 15:04:44 +1000 |
|---|---|---|
| committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-07-01 10:50:15 +1000 |
| commit | ca8edcd504ab81dbc30547c3c59a51fe98ff21cf (patch) | |
| tree | acfbb5124f608d668268d3a8f85b23349dbf1f78 /base/server/python | |
| parent | c7f9e6c4e0711dfafc81d201dcfadee3e0efa335 (diff) | |
| download | pki-ca8edcd504ab81dbc30547c3c59a51fe98ff21cf.tar.gz pki-ca8edcd504ab81dbc30547c3c59a51fe98ff21cf.tar.xz pki-ca8edcd504ab81dbc30547c3c59a51fe98ff21cf.zip | |
AuthInfoAccess: use default OCSP URI if configured
The AuthInfoAccessExtDefault profile component constructs an OCSP
URI based on the current host and port, if no URI is explicitly
configured in the profile.
Update the component to look in CS.cfg for the "ca.defaultOcspUri"
config, and use its value if present. If not present, the old
behaviour prevails.
Also add the 'pki_default_ocsp_uri' pkispawn config to add the
config during instance creation, so that the value will be used for
the CA and system certificates.
Fixes: https://fedorahosted.org/pki/ticket/2387
Diffstat (limited to 'base/server/python')
| -rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index b8505dd9b..64ee4e5f6 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -87,6 +87,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): subsystem = instance.get_subsystem( deployer.mdict['pki_subsystem'].lower()) + ocsp_uri = deployer.mdict.get('pki_default_ocsp_uri') + if ocsp_uri: + subsystem.config['ca.defaultOcspUri'] = ocsp_uri + subsystem.save() + token = deployer.mdict['pki_token_name'] nssdb = instance.open_nssdb(token) |