[Freeipa-devel] certmonger proxy configuration not possible ?
Marx, Peter
Peter.Marx at knorr-bremse.com
Mon Aug 8 12:23:13 UTC 2016
what I feared...
ok. I will open an enhancement ticket. Hopefully somebody can provide a preliminary patch I can apply.
-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
Sent: Monday, August 08, 2016 11:48 AM
To: Marx, Peter
Cc: Rob Crittenden; 'freeipa-devel at redhat.com'
Subject: Re: [Freeipa-devel] certmonger proxy configuration not possible ?
On Mon, 08 Aug 2016, Marx, Peter wrote:
>I am trying this but it has no effect - as if the environment is not passed to the called helper scep-submit.
>
>In /usr/lib/systemd/certmonger.service there is already a link defined to add stuff:
>[Service]
>..
>EnvironmentFile=/etc/sysconfig/certmonger
>
>In /etc/sysconfig/certmonger I added my proxy like this:
>
>[Service]
>Environment="http_proxy=http://proxyuser:proxypassword@proxyserver:proxyport"
>
>After systemctl daemon-reload and systemctl restart certmonger my
>requests still do not get to the proxy.
>
>Commenting out the EnvironmetFile line and adding the Environment line
>directly in certmonger.service had the same result.
>
>Can somebody confirm that the proxy setting is visible to the called
>scep-submit ?
I've checked certmonger source code and while libcurl can be configured to use proxy and proxy authentication, certmonger does not configure it to do so. As result, environmental variables have no influence on the use of libcurl by certmonger.
It is worth to open a ticket for certmonger to add proxy support.
--
/ Alexander Bokovoy
automechanika - 13.09.-17.09.2016 - Messe Frankfurt - Hall 3.0 - Stand G98 + E91
InnoTrans - 20.09.-23.09.2016 - Messe Berlin - Hall 1.2b - Stand 104 + 210
IAA - 22.09.-29.09.2016 - Messe Hannover - Hall 17 - Stand A30 + D131
Knorr-Bremse IT-Services GmbH
Sitz: Muenchen
Geschaeftsfuehrer: Helmut Draxler (Vorsitzender), Harald Jessen, Harald Schneider
Registergericht Muenchen, HR B 167 268
This transmission is intended solely for the addressee and contains confidential information.
If you are not the intended recipient, please immediately inform the sender and delete the message and any attachments from your system.
Furthermore, please do not copy the message or disclose the contents to anyone unless agreed otherwise. To the extent permitted by law we shall in no way be liable for any damages, whatever their nature, arising out of transmission failures, viruses, external influence, delays and the like.
More information about the Freeipa-devel
mailing list