[freeipa/f18] Configure CA replication to use TLS instead of SSL
rcritten
rcritten at fedoraproject.org
Fri Oct 12 18:49:03 UTC 2012
commit ba52833aa99e363e332c015ec4f0fd63add521f5
Author: Rob Crittenden <rcritten at redhat.com>
Date: Fri Oct 12 14:47:17 2012 -0400
Configure CA replication to use TLS instead of SSL
0001-Use-TLS-for-CA-replication.patch | 26 ++++++++++++++++++++++++++
freeipa.spec | 7 ++++++-
2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/0001-Use-TLS-for-CA-replication.patch b/0001-Use-TLS-for-CA-replication.patch
new file mode 100644
index 0000000..f0337f3
--- /dev/null
+++ b/0001-Use-TLS-for-CA-replication.patch
@@ -0,0 +1,26 @@
+From 98fde54c170eb7974afe80403d54747563c8e3be Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten at redhat.com>
+Date: Fri, 12 Oct 2012 14:35:43 -0400
+Subject: [PATCH] Use TLS for CA replication
+
+https://fedorahosted.org/freeipa/ticket/3162
+---
+ ipaserver/install/cainstance.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
+index aabbba3..f2ac840 100644
+--- a/ipaserver/install/cainstance.py
++++ b/ipaserver/install/cainstance.py
+@@ -640,7 +640,7 @@ class CAInstance(service.Service):
+ "pki_security_domain_hostname": self.master_host,
+ "pki_security_domain_https_port": "443",
+ "pki_security_domain_password": self.admin_password,
+- "pki_clone_replication_security": "SSL",
++ "pki_clone_replication_security": "TLS",
+ "pki_clone_uri": \
+ "https://%s" % ipautil.format_netloc(self.master_host, 443)
+ }
+--
+1.7.11.4
+
diff --git a/freeipa.spec b/freeipa.spec
index 7057573..fae5567 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -15,7 +15,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: freeipa
Version: 3.0.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -24,6 +24,8 @@ URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch1: 0001-Use-TLS-for-CA-replication.patch
+
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.2.11.14
BuildRequires: svrcore-devel
@@ -742,6 +744,9 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Fri Oct 12 2012 Rob Crittenden <rcritten at redhat.com> - 3.0.0-2
+- Configure CA replication to use TLS instead of SSL
+
* Fri Oct 12 2012 Rob Crittenden <rcritten at redhat.com> - 3.0.0-1
- Updated to upstream 3.0.0 GA
- Set minimum for samba to 4.0.0-153.
More information about the scm-commits
mailing list