Commit c1220b25 authored by Leigh Stoller's avatar Leigh Stoller

With Apache 2.4, there is a new option to allow CAs with no CRLS

when CRLS are enabled. This used to be the default but is now an
option we need to turn on.
parent b433cccb
...@@ -842,7 +842,7 @@ CustomLog @prefix@/log/apache_ssl_request_log.geni \ ...@@ -842,7 +842,7 @@ CustomLog @prefix@/log/apache_ssl_request_log.geni \
SSLCACertificateFile @prefix@/etc/genica.bundle SSLCACertificateFile @prefix@/etc/genica.bundle
# Another bundle of CRLs. # Another bundle of CRLs.
SSLCARevocationFile @prefix@/etc/genicrl.bundle SSLCARevocationFile @prefix@/etc/genicrl.bundle
SSLCARevocationCheck chain SSLCARevocationCheck chain no_crl_for_cert_ok
# Reject the unencrypted certs that all users get. # Reject the unencrypted certs that all users get.
<Location /> <Location />
...@@ -1040,7 +1040,7 @@ CustomLog @prefix@/log/apache_ssl_request_log.geni \ ...@@ -1040,7 +1040,7 @@ CustomLog @prefix@/log/apache_ssl_request_log.geni \
SSLCACertificateFile @prefix@/etc/genica.bundle SSLCACertificateFile @prefix@/etc/genica.bundle
# Another bundle of CRLs. # Another bundle of CRLs.
SSLCARevocationFile @prefix@/etc/genicrl.bundle SSLCARevocationFile @prefix@/etc/genicrl.bundle
SSLCARevocationCheck chain SSLCARevocationCheck chain no_crl_for_cert_ok
ScriptAlias /protogeni/pubxmlrpc @prefix@/protogeni/pubxmlrpc/pubgeni-wrapper.pl ScriptAlias /protogeni/pubxmlrpc @prefix@/protogeni/pubxmlrpc/pubgeni-wrapper.pl
...@@ -1210,7 +1210,7 @@ CustomLog @prefix@/log/apache_ssl_request_log.geni \ ...@@ -1210,7 +1210,7 @@ CustomLog @prefix@/log/apache_ssl_request_log.geni \
SSLCACertificateFile @prefix@/etc/genica.bundle SSLCACertificateFile @prefix@/etc/genica.bundle
# Another bundle of CRLs. # Another bundle of CRLs.
SSLCARevocationFile @prefix@/etc/genicrl.bundle SSLCARevocationFile @prefix@/etc/genicrl.bundle
SSLCARevocationCheck chain SSLCARevocationCheck chain no_crl_for_cert_ok
WSGIDaemonProcess localstore processes=5 threads=1 python-eggs=/usr/local/ops-monitoring/local/eggs WSGIDaemonProcess localstore processes=5 threads=1 python-eggs=/usr/local/ops-monitoring/local/eggs
WSGIScriptAlias / /usr/local/ops-monitoring/local/wsgi/localstore.wsgi WSGIScriptAlias / /usr/local/ops-monitoring/local/wsgi/localstore.wsgi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment