IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Update dogtag configuration to work after CVE-2009-3555 changes

Browse Source 
NSS is going to disallow all SSL renegotiation by default. Because of
this we need to always use the agent port of the dogtag server which
always requires SSL client authentication. The end user port will
prompt for a certificate if required but will attempt to re-do the
handshake to make this happen which will fail with newer versions of NSS.
This commit is contained in:
Rob Crittenden
2010-01-27 15:31:51 -05:00
parent c092f3780d
commit b7cda86697
3 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ipaserver/plugins/dogtag.py
View File

@@ -1509,8 +1509,8 @@ class ra(rabase.rabase):
# Call CMS
http_status, http_reason_phrase, http_headers, http_body = \
self._sslget('/ca/ee/ca/profileSubmit',
self.env.ca_ee_port,
self._sslget('/ca/agent/ca/profileSubmitSSLClient',
self.env.ca_agent_port,
profileId='caIPAserviceCert',
cert_request_type=request_type,
cert_request=csr,