+!

On 11 November 2016 at 18:41, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
> Can I get any +1s? Explanation is in the commit message.
>
>
> commit 934cbf8d70d52a7819ae4af575f04bdf70cdcd0c
> Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date: Fri Nov 11 23:38:41 2016 +0000
>
> Fix koji client cert authentication with OpenSSL 1.1.0
>
> Turns out that renegotiation is broken in OpenSSL 1.1.0, so we allow
> clients to send their certificates (but not require them) from the
> very first connection on, so that they don't have to renegotiate.
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
>
> diff --git a/roles/koji_hub/templates/kojihub.conf.j2 > b/roles/koji_hub/templates/kojihub.conf.j2 > index 01e6f1b..f39ee34 100644 > --- a/roles/koji_hub/templates/kojihub.conf.j2 > +++ b/roles/koji_hub/templates/kojihub.conf.j2 > @@ -24,6 +24,7 @@ Alias /kojifiles "/mnt/koji/" > </Directory> > {% endif %} > > +SSLVerifyClient optional > <Location /kojihub/ssllogin> > SSLVerifyClient require > SSLVerifyDepth 10
> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx

--
Stephen J Smoogen.
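
Review bot: The added `SSLVerifyClient optional` sits outside the `<Location /kojihub/ssllogin>` block, so client certificates are now requested on every connection this template covers, while `SSLVerifyDepth 10` remains only inside the Location block. Since the commit message says certificates are to be accepted "from the very first connection on", consider setting the same `SSLVerifyDepth` next to the new line, or confirming that the default depth at that scope is enough for the client CA chain. A short template comment above the new directive pointing at the OpenSSL 1.1.0 renegotiation problem would also keep it from being removed later as redundant with the `SSLVerifyClient require` just below it.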