From ca8edcd504ab81dbc30547c3c59a51fe98ff21cf Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Mon, 27 Jun 2016 15:04:44 +1000 Subject: AuthInfoAccess: use default OCSP URI if configured The AuthInfoAccessExtDefault profile component constructs an OCSP URI based on the current host and port, if no URI is explicitly configured in the profile. Update the component to look in CS.cfg for the "ca.defaultOcspUri" config, and use its value if present. If not present, the old behaviour prevails. Also add the 'pki_default_ocsp_uri' pkispawn config to add the config during instance creation, so that the value will be used for the CA and system certificates. Fixes: https://fedorahosted.org/pki/ticket/2387 --- base/server/python/pki/server/deployment/scriptlets/configuration.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'base/server/python/pki') diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index b8505dd9b..64ee4e5f6 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -87,6 +87,11 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): subsystem = instance.get_subsystem( deployer.mdict['pki_subsystem'].lower()) + ocsp_uri = deployer.mdict.get('pki_default_ocsp_uri') + if ocsp_uri: + subsystem.config['ca.defaultOcspUri'] = ocsp_uri + subsystem.save() + token = deployer.mdict['pki_token_name'] nssdb = instance.open_nssdb(token) -- cgit