diff options
author | Sumit Bose <sbose@redhat.com> | 2015-11-05 18:20:27 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-11-26 16:39:49 +0100 |
commit | 544a20de7667f05c1a406c4dea0706b0ab507430 (patch) | |
tree | dca48b12957626f2ebae2fb2b0f9a96ef617713e /src/man/sssd.conf.5.xml | |
parent | d0de7701d44c7a75210a9cb04634913ce3a94bfb (diff) | |
download | sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.gz sssd-544a20de7667f05c1a406c4dea0706b0ab507430.tar.xz sssd-544a20de7667f05c1a406c4dea0706b0ab507430.zip |
p11: enable ocsp checks
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.
Resolves https://fedorahosted.org/sssd/ticket/2812
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/man/sssd.conf.5.xml')
-rw-r--r-- | src/man/sssd.conf.5.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 573f421a7..030485cd7 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -365,6 +365,35 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>certificate_verification (string)</term> + <listitem> + <para> + With this parameter the certificate verification + can be tuned with a comma separated list of + options. Supported options are: + <variablelist> + <varlistentry> + <term>no_ocsp</term> + <listitem> + <para>Disables Online Certificate Status + Protocol (OCSP) checks. This might be + needed if the OCSP servers defined in + the certificate are not reachable from + the client.</para> + </listitem> + </varlistentry> + </variablelist> + </para> + <para> + Unknown options are reported but ignored. + </para> + <para> + Default: not set, i.e. do not restrict + certificate vertification + </para> + </listitem> + </varlistentry> </variablelist> </para> </refsect2> |