diff options
author | Sumit Bose <sbose@redhat.com> | 2015-11-05 18:20:27 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-11-26 16:39:49 +0100 |
commit | 544a20de7667f05c1a406c4dea0706b0ab507430 (patch) | |
tree | dca48b12957626f2ebae2fb2b0f9a96ef617713e /src/confdb/confdb.h | |
parent | d0de7701d44c7a75210a9cb04634913ce3a94bfb (diff) | |
download | sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.gz sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.xz sssd-544a20de7667f05c1a406c4dea0706b0ab507430.zip |
p11: enable ocsp checks
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.
Resolves https://fedorahosted.org/sssd/ticket/2812
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/confdb/confdb.h')
-rw-r--r-- | src/confdb/confdb.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 0ef7268f9..fcffcb5a6 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -72,6 +72,7 @@ #define CONFDB_MONITOR_OVERRIDE_SPACE "override_space" #define CONFDB_MONITOR_USER_RUNAS "user" #define CONFDB_MONITOR_PRE_KILL_CMD "diag_cmd" +#define CONFDB_MONITOR_CERT_VERIFICATION "certificate_verification" /* Both monitor and domains */ #define CONFDB_NAME_REGEX "re_expression" |