mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
mod_ssl: add SSLVerifyDepth for external CA installs
mod_ssl's limiting of client cert verification depth was causing the replica installs to fail when master had been installed with external CA since the SSLCACertificateFile was pointing to a file with more than one certificate. This is caused by the default SSLVerifyDepth value of 1. We set it to 5 as that should be just about enough even for possible sub-CAs. https://pagure.io/freeipa/issue/7530 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Stanislav Laznicka
@@ -319,3 +319,6 @@ USER_CACHE_PATH = (
|
||||
)
|
||||
|
||||
SOFTHSM_DNSSEC_TOKEN_LABEL = u'ipaDNSSEC'
|
||||
# Apache's mod_ssl SSLVerifyDepth value (Maximum depth of CA
|
||||
# Certificates in Client Certificate verification)
|
||||
MOD_SSL_VERIFY_DEPTH = '5'
|
||||
|
||||
Reference in New Issue
Block a user