p11: enable ocsp checks

This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
author: Sumit Bose <sbose@redhat.com> 2015-11-05 18:20:27 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-11-26 16:39:49 +0100
commit: 544a20de7667f05c1a406c4dea0706b0ab507430 (patch)
tree: dca48b12957626f2ebae2fb2b0f9a96ef617713e /src/confdb/confdb.h
parent: d0de7701d44c7a75210a9cb04634913ce3a94bfb (diff)
download: sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.gz
sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.xz
sssd-544a20de7667f05c1a406c4dea0706b0ab507430.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 0ef7268f9..fcffcb5a6 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -72,6 +72,7 @@
 #define CONFDB_MONITOR_OVERRIDE_SPACE "override_space"
 #define CONFDB_MONITOR_USER_RUNAS "user"
 #define CONFDB_MONITOR_PRE_KILL_CMD "diag_cmd"
+#define CONFDB_MONITOR_CERT_VERIFICATION "certificate_verification"
 
 /* Both monitor and domains */
 #define CONFDB_NAME_REGEX   "re_expression"
author	Sumit Bose <sbose@redhat.com>	2015-11-05 18:20:27 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-11-26 16:39:49 +0100
commit	544a20de7667f05c1a406c4dea0706b0ab507430 (patch)
tree	dca48b12957626f2ebae2fb2b0f9a96ef617713e /src/confdb/confdb.h
parent	d0de7701d44c7a75210a9cb04634913ce3a94bfb (diff)
download	sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.gz sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.xz sssd-544a20de7667f05c1a406c4dea0706b0ab507430.zip