[Pki-devel] [PATCH] 523 Enabled certificate revocation checking by default.

Endi Sukma Dewata edewata at redhat.com
Wed Sep 3 20:28:47 UTC 2014


The CS.cfg templates for all subsystems have been modified to enable
certificate revocation checking during authentication. This will
affect new installations only.

Ticket #1117, #1134

The patch was tested for installation only, not for revocation checking.

-- 
Endi S. Dewata
-------------- next part --------------
From 30375db50f9656357fe5591d2633a90a7e260de7 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Wed, 3 Sep 2014 16:06:49 -0400
Subject: [PATCH] Enabled certificate revocation checking by default.

The CS.cfg templates for all subsystems have been modified to enable
certificate revocation checking during authentication. This will
affect new installations only.

Ticket #1117, #1134
---
 base/kra/shared/conf/CS.cfg.in        | 4 +++-
 base/ocsp/shared/conf/CS.cfg.in       | 4 ++++
 base/tks/shared/conf/CS.cfg.in        | 4 ++++
 base/tps-tomcat/shared/conf/CS.cfg.in | 4 ++++
 4 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg.in
index a3cf7918ead1ff5d777d3027b977385da80907a3..236b484bbe08c741bfdc2734149c486180cb56fa 100644
--- a/base/kra/shared/conf/CS.cfg.in
+++ b/base/kra/shared/conf/CS.cfg.in
@@ -155,8 +155,10 @@ auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.revocationChecking.bufferSize=50
-auths.revocationChecking.enabled=false
+auths.revocationChecking.enabled=true
 auths.revocationChecking.kra=kra
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authz._000=##
 authz._001=## new authorizatioin
 authz._002=##
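Review bot: The two added keys `auths.revocationChecking.unknownStateInterval=0` and `auths.revocationChecking.validityInterval=120` carry no unit or explanation, and the commit message does not mention them. This is the only template where an existing `enabled=false` is flipped, so please state in the commit message what each interval controls, the unit of `120`, and whether `0` means "no wait" or "disabled". The cover mail says the patch was tested for installation only, so the revocation path itself should get a test against a revoked agent certificate before this becomes the default.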
diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg.in
index 9f92ebfe221e2d653d761012ea12cf9abdb3422c..3603e4d2139bf16ceb7320ab014f4e7abcae6052 100644
--- a/base/ocsp/shared/conf/CS.cfg.in
+++ b/base/ocsp/shared/conf/CS.cfg.in
@@ -141,6 +141,10 @@ auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=true
+auths.revocationChecking.ocsp=ocsp
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authz._000=##
 authz._001=## new authorizatioin
 authz._002=##
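Review bot: The OCSP template had no `auths.revocationChecking.enabled` line before this hunk, so the previous behaviour came from whatever the code falls back to when the key is absent. The commit message should state that fallback, so it is clear whether adding `enabled=true` changes behaviour for OCSP or only makes it explicit. It would also help to explain the new `auths.revocationChecking.ocsp=ocsp` key, which mirrors the existing `auths.revocationChecking.kra=kra` pattern but is not described anywhere in the patch.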
diff --git a/base/tks/shared/conf/CS.cfg.in b/base/tks/shared/conf/CS.cfg.in
index bd2858d023c88b318d4a28a9e6456d509c3156fa..41937d1407ea687b59a2bdd5cb0292a126e057cb 100644
--- a/base/tks/shared/conf/CS.cfg.in
+++ b/base/tks/shared/conf/CS.cfg.in
@@ -132,6 +132,10 @@ auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=true
+auths.revocationChecking.tks=tks
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authz._000=##
 authz._001=## new authorizatioin
 authz._002=##
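Review bot: The same four lines, with the literal values `0` and `120`, are now repeated in every subsystem template, and the commit message says the change affects new installations only. Existing TKS instances therefore keep running without revocation checking. Please either add an upgrade step that writes these keys into deployed CS.cfg files or document the manual change for administrators, and consider noting in the commit message why `120` was chosen so the four copies do not drift later.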
diff --git a/base/tps-tomcat/shared/conf/CS.cfg.in b/base/tps-tomcat/shared/conf/CS.cfg.in
index e91b3451c2716a97d311de1b251b657d2b4ddfdf..1647acc5dc2d0e9ea74a7ad0369755db5ef62f13 100644
--- a/base/tps-tomcat/shared/conf/CS.cfg.in
+++ b/base/tps-tomcat/shared/conf/CS.cfg.in
@@ -66,6 +66,10 @@ auths.instance.ldap1.ldap.ldapconn.version=3
 auths.instance.ldap1.pluginName=UidPwdDirAuth
 auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
 auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=true
+auths.revocationChecking.tps=tps
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authType=pwd
 authz._000=##
 authz._001=## new authorizatioin
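Review bot: The context lines of this hunk show TPS using `UidPwdDirAuth` and `SSLclientCertAuth`, where the other three templates show `AgentCertAuth` and `TokenAuth`. Before enabling `auths.revocationChecking.enabled=true` here, please confirm that the revocation check is actually applied on the TPS certificate authentication path and that password-based logins are unaffected. Since the cover mail says only installation was tested, a login test with a valid and a revoked client certificate on TPS would settle this.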
-- 
1.8.4.2


