Fix from Tom Mitchell; move SSLVerifyDepth into server config, since

it is ignored in directory context.

Fix from Tom Mitchell; move SSLVerifyDepth into server config, since
it is ignored in directory context.
c69a3af7 · Leigh B Stoller · 8cd12669 · c69a3af7 · c69a3af7
Commit c69a3af7 authored Jun 11, 2010 by Leigh B Stoller
--- a/apache/httpd.conf.in
+++ b/apache/httpd.conf.in
@@ -1337,6 +1337,7 @@ SSLCARevocationFile @prefix@/etc/genicrl.bundle
 # supplying a verifiable certificate. 
 #
 SSLVerifyClient optional
+SSLVerifyDepth  10

 # Reject the unencrypted certs that all users get. 
 <Location />
@@ -1351,7 +1352,6 @@ ScriptAlias /protogeni/xmlrpc/ses @prefix@/protogeni/xmlrpc/protogeni-ses.pl
 	SSLRequireSSL
 	Order deny,allow
 	allow from all
-	SSLVerifyDepth  5
 </Directory>
 <Directory "@prefix@/protogeni/">
 	SSLRequireSSL
@@ -1361,7 +1361,6 @@ ScriptAlias /protogeni/xmlrpc/ses @prefix@/protogeni/xmlrpc/protogeni-ses.pl
 	Options +ExecCGI +FollowSymLinks
 	SetHandler cgi-script
 	SetEnv USER "nobody"
-	SSLVerifyDepth  5
 </Directory>
 </IfDefine>
 </VirtualHost>                                  

--- a/install/updates/5/6
+++ b/install/updates/5/6
+#
+# Note that all actions *MUST* be idempotent; if this script is run
+# again, it should always do the right thing, not break if something
+# was already done. See boss-install for lots of example of how to use
+# libinstall to help with this.
+#
+use strict;
+use libinstall;
+
+my $APACHECONF = "/usr/local/etc/apache/httpd.conf";
+
+sub InstallUpdate($$)
+{
+    my ($version, $phase) = @_;
+
+    #
+    # If something should run in the pre-install phase.
+    #
+    if ($phase eq "pre") {
+    }
+    
+    #
+    # If something should run in the post-install phase.
+    #
+    if ($phase eq "post") {
+	if ($PGENISUPPORT) {
+	    Phase "httpd.conf", "Updating apache config file", sub {
+		#
+		# This might be a rare case.
+		#
+		DoneIfIdentical("$TOP_OBJDIR/apache/httpd.conf", $APACHECONF);
+
+		#
+		# Check to see if SSLVerifyClient has been set to optional
+		#
+		PhaseSkip("Already updated")
+		    if `grep '^SSLVerifyDepth 10' $APACHECONF`;
+
+		BackUpFileFatal($APACHECONF);
+		# For impotent mode. 
+		DiffFiles("$TOP_OBJDIR/apache/httpd.conf", $APACHECONF);
+		ExecQuietFatal("$GMAKE -C $TOP_OBJDIR/apache install");
+	    };
+	    Phase "httpd", "Restarting apache", sub {
+		DoneIfDoesntExist("$VARRUN/httpd.pid");
+		ExecQuietFatal("$RCDIR/apache.sh restart");
+	    };
+	}
+    }
+    
+    return 0;
+}
+1;