1165407 – /etc/httpd/conf.d/pulp.conf sets SSLCACertificateFile

Bug 1165407 - /etc/httpd/conf.d/pulp.conf sets SSLCACertificateFile

Summary: /etc/httpd/conf.d/pulp.conf sets SSLCACertificateFile

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Pulp
Classification:	Retired
Component:	API/integration
Sub Component:
Version:	2.4.0
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.0.0
Assignee:	pulp-bugs
QA Contact:	pulp-qe-list
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-18 21:33 UTC by Randy Barlow
Modified:	2015-02-28 22:45 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-02-28 22:45:06 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Pulp Redmine	624	0	None	None	None	Never

Description Randy Barlow 2014-11-18 21:33:15 UTC

Description of problem:
/etc/httpd/conf.d/pulp.conf sets mod_ssl's SSLCACertificateFile directive. This directive is also defined in /etc/httpd/conf.d/ssl.conf, and is inappropriate for Pulp to claim in our pulp.conf namespace. Pulp does this so that it can use auto-generated client certificates with the /login/ call. Pulp relies on httpd to check client certificates against the CA defined in this directive.

We should change the /login/ call to work differently (i.e., not rely on a CA) and stop overriding this setting in our config file.


Version-Release number of selected component (if applicable):
2.4.0-1

How reproducible:
Every time.

Steps to Reproduce:
1. Is SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf?

Actual results:
Yes.

Expected results:
No.

Comment 1 Brian Bouterse 2015-02-28 22:45:06 UTC

Moved to https://pulp.plan.io/issues/624

Note You need to log in before you can comment on or make changes to this bug.