Use correct CA variables in reverse proxy#515
Conversation
manifests/reverse_proxy.pp
Outdated
There was a problem hiding this comment.
Isn't this the certificate we expect on the remote server (so Foreman)? https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile states:
This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to SSLProxyCACertificatePath.
There was a problem hiding this comment.
Looking at theforeman/puppet-certs@9585baa:
$ca_cert = "${pki_dir}/certs/${default_ca_name}.crt"
$katello_default_ca_cert = "${pki_dir}/certs/${default_ca_name}.crt"
so this is an equivalent change
There was a problem hiding this comment.
For this change,to fix tests I think we keep it equivalent. As for your point, this change dates back a long, long time to #54.
The configuration is not setting SSLProxyVerify explicitly, where as we do set SSLClientVerify (granted to optional) so I am guessing this setting doesn't actually matter or do anything at the moment.
ehelms
force-pushed
the
use-correct-apache-certs
branch
2 times, most recently
from
0e585ab to
6ab0dd4
Compare
|
Updated. |
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
ehelms
force-pushed
the
use-correct-apache-certs
branch
from
6ab0dd4 to
ab480be
Compare
3 participants
The removal of parameters in puppet-certs that were not used internally were used externally -- this updates to use current canonical parameters.