WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-04 01:32:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix koji client cert authentication with OpenSSL 1.1.0

Browse Source 
Turns out that renegotiation is broken in OpenSSL 1.1.0, so we allow
clients to send their certificates (but not require them) from the
very first connection on, so that they don't have to renegotiate.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
2016-11-11 23:38:41 +00:00
parent 402f919bb3
commit 934cbf8d70
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/koji_hub/templates/kojihub.conf.j2
View File

@@ -24,6 +24,7 @@ Alias /kojifiles "/mnt/koji/"
</Directory>
{% endif %}
SSLVerifyClient optional
<Location /kojihub/ssllogin>
SSLVerifyClient require
SSLVerifyDepth 10