summaryrefslogtreecommitdiffstats
path: root/src/tools/sss_signal.c
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2017-02-28 11:47:32 +0100
committerLukas Slebodnik <lslebodn@redhat.com>2017-03-30 19:08:00 +0200
commit720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417 (patch)
treec559db1c94f83a924d78e22bd7f2d9ddacded5da /src/tools/sss_signal.c
parent06744bf5a47d5971a338281c8243b11cf72dac90 (diff)
downloadsssd-720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417.tar.gz
sssd-720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417.tar.xz
sssd-720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417.zip
secrets: allow to configure certificate check
Some users may want to use TLS with unverified peer (for example if they use self-signed certificate) or if unverified hostname (if certificate hostname does not match with the real hostname). On the other side it may be useful to point to a directory containing custom certificate authorities. This patch add three new options to secrets responder: verify_peer => peer's certificate must be valid verify_host => hostnames must match capath => path to directory containing CA certs cacert => ca certificate cert => client certificate key => client private key Resolves: https://pagure.io/SSSD/sssd/issue/3192 Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/tools/sss_signal.c')
0 files changed, 0 insertions, 0 deletions