Commit c69a3af7 authored by Leigh B Stoller's avatar Leigh B Stoller

Fix from Tom Mitchell; move SSLVerifyDepth into server config, since

it is ignored in directory context.
parent 8cd12669
......@@ -1337,6 +1337,7 @@ SSLCARevocationFile @prefix@/etc/genicrl.bundle
# supplying a verifiable certificate.
#
SSLVerifyClient optional
SSLVerifyDepth 10
# Reject the unencrypted certs that all users get.
<Location />
......@@ -1351,7 +1352,6 @@ ScriptAlias /protogeni/xmlrpc/ses @prefix@/protogeni/xmlrpc/protogeni-ses.pl
SSLRequireSSL
Order deny,allow
allow from all
SSLVerifyDepth 5
</Directory>
<Directory "@prefix@/protogeni/">
SSLRequireSSL
......@@ -1361,7 +1361,6 @@ ScriptAlias /protogeni/xmlrpc/ses @prefix@/protogeni/xmlrpc/protogeni-ses.pl
Options +ExecCGI +FollowSymLinks
SetHandler cgi-script
SetEnv USER "nobody"
SSLVerifyDepth 5
</Directory>
</IfDefine>
</VirtualHost>
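Review bot: The commit message describes a move, but the value changes too: the two `SSLVerifyDepth 5` lines dropped from the `<Directory>` blocks are replaced by `SSLVerifyDepth 10` next to `SSLVerifyClient optional`. If the per-directory settings really were ignored, the depth in effect before was presumably mod_ssl's default of 1, so the server now accepts considerably longer client certificate chains, apparently for the whole virtual host. I would either keep 5 or add a comment above the directive saying why 10 is required, e.g. `# Maximum client certificate chain length accepted; <reason 10 is needed>`. The enclosing `<VirtualHost>` block starts outside the hunks shown.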
......
#
# Note that all actions *MUST* be idempotent; if this script is run
# again, it should always do the right thing, not break if something
# was already done. See boss-install for lots of example of how to use
# libinstall to help with this.
#
use strict;
use libinstall;
my $APACHECONF = "/usr/local/etc/apache/httpd.conf";
sub InstallUpdate($$)
{
my ($version, $phase) = @_;
#
# If something should run in the pre-install phase.
#
if ($phase eq "pre") {
}
#
# If something should run in the post-install phase.
#
if ($phase eq "post") {
if ($PGENISUPPORT) {
Phase "httpd.conf", "Updating apache config file", sub {
#
# This might be a rare case.
#
DoneIfIdentical("$TOP_OBJDIR/apache/httpd.conf", $APACHECONF);
#
# Check to see if SSLVerifyClient has been set to optional
#
PhaseSkip("Already updated")
if `grep '^SSLVerifyDepth 10' $APACHECONF`;
BackUpFileFatal($APACHECONF);
# For impotent mode.
DiffFiles("$TOP_OBJDIR/apache/httpd.conf", $APACHECONF);
ExecQuietFatal("$GMAKE -C $TOP_OBJDIR/apache install");
};
Phase "httpd", "Restarting apache", sub {
DoneIfDoesntExist("$VARRUN/httpd.pid");
ExecQuietFatal("$RCDIR/apache.sh restart");
};
}
}
return 0;
}
1;
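Review bot: The comment above the `PhaseSkip` test still says it checks whether SSLVerifyClient has been set to optional, while the grep actually looks for `SSLVerifyDepth 10`; it should read `# Check to see if SSLVerifyDepth has already been moved into the server config`. The pattern is anchored with `^`, so if the directive is indented in the installed httpd.conf the skip never fires and the config is reinstalled and apache restarted on every run. The rendered page does not preserve indentation, so this cannot be confirmed here. Using `grep '^[[:space:]]*SSLVerifyDepth 10' $APACHECONF` would tolerate leading whitespace.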