[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] [PATCH] 329 - add pkispawn option to disable Master CRL



Add pkispawn option to disable Master CRL.
This is useful in the migration case.

Please review,
Ade
From fe1e82ff8f0e89c0c359064cfb749ae475125c2a Mon Sep 17 00:00:00 2001
From: Ade Lee <alee redhat com>
Date: Wed, 3 Aug 2016 23:55:53 -0400
Subject: [PATCH] Add pkispawn option to disable Master CRL

---
 base/ca/shared/conf/CS.cfg                            | 2 +-
 base/server/config/pkislots.cfg                       | 1 +
 base/server/etc/default.cfg                           | 1 +
 base/server/python/pki/server/deployment/pkiparser.py | 4 ++++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index 68e79a48f650c6d39d0324c071c2f3b7e9d74515..3beb45c5392427dec411fda0bb12769b9d279f43 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -578,7 +578,7 @@ ca.crl.MasterCRL.unexpectedExceptionLoopMax=10
 ca.crl.MasterCRL.class=com.netscape.ca.CRLIssuingPoint
 ca.crl.MasterCRL.dailyUpdates=1:00
 ca.crl.MasterCRL.description=CA's complete Certificate Revocation List
-ca.crl.MasterCRL.enable=true
+ca.crl.MasterCRL.enable=[MASTER_CRL_ENABLE]
 ca.crl.MasterCRL.enableCRLCache=true
 ca.crl.MasterCRL.enableCRLUpdates=true
 ca.crl.MasterCRL.enableCacheTesting=false
diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg
index 3873b83652e9fd0c9849dafcb1c50dcf5613e5c5..d806c1fbfd6fe430b4ca9adf4a88a666aae2acea 100644
--- a/base/server/config/pkislots.cfg
+++ b/base/server/config/pkislots.cfg
@@ -1,6 +1,7 @@
 [Tomcat]
 application_version=[APPLICATION_VERSION]
 INSTALL_TIME_SLOT=[INSTALL_TIME]
+MASTER_CRL_ENABLE_SLOT=[MASTER_CRL_ENABLE]
 NUXWDOG_JNI_PATH_SLOT=[NUXWDOG_JNI_PATH]
 PKI_ADMIN_SECURE_PORT_SLOT=[PKI_ADMIN_SECURE_PORT]
 PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT=[PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME]
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index 24e4a43ff9007dd77c8794c7198c7eb96059ead9..cfbd289cc880db3bf4ed836f7dabc5168365bfd0 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -335,6 +335,7 @@ pki_ds_database=%(pki_instance_name)s-CA
 pki_ds_hostname=%(pki_hostname)s
 pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
 pki_share_db=False
+pki_master_crl_enable=True
 
 # Default OCSP URI added by AuthInfoAccessExtDefault if the profile
 # config is blank.  If both are blank, the value is constructed
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 3e5d35575abf7b65e881211cba4b4db880bf35d8..115f3ca4506fec310ae1e5e88ccb0ecb0c4c609b 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -946,6 +946,10 @@ class PKIConfigParser:
                 self.mdict['SERVER_KEYGEN_SLOT'] = \
                     self.mdict['pki_enable_server_side_keygen']
 
+            if self.mdict['pki_subsystem'] == "CA":
+                self.mdict['MASTER_CRL_ENABLE_SLOT'] = \
+                    self.mdict['pki_master_crl_enable']
+
             self.mdict['TOMCAT_CFG_SLOT'] = \
                 self.mdict['pki_target_tomcat_conf']
             self.mdict['TOMCAT_INSTANCE_COMMON_LIB_SLOT'] = \
-- 
2.4.3


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]