diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2017-02-28 11:47:32 +0100 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-03-30 19:08:00 +0200 |
| commit | 720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417 (patch) | |
| tree | c559db1c94f83a924d78e22bd7f2d9ddacded5da /src/util | |
| parent | 06744bf5a47d5971a338281c8243b11cf72dac90 (diff) | |
| download | sssd-720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417.tar.gz sssd-720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417.tar.xz sssd-720e1a5b95a953a0f1c8315bbb7c9c1edf9fb417.zip | |
secrets: allow to configure certificate check
Some users may want to use TLS with unverified peer (for example if
they use self-signed certificate) or if unverified hostname (if
certificate hostname does not match with the real hostname). On the
other side it may be useful to point to a directory containing custom
certificate authorities.
This patch add three new options to secrets responder:
verify_peer => peer's certificate must be valid
verify_host => hostnames must match
capath => path to directory containing CA certs
cacert => ca certificate
cert => client certificate
key => client private key
Resolves:
https://pagure.io/SSSD/sssd/issue/3192
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util')
0 files changed, 0 insertions, 0 deletions