Michal Pryc wrote:
I believe this is implemented, so I really need clarifications what is
wrong/missing. The below scenarios allows to mix http/https URLs for
origins and mirrors and prevents the addition of http URLs when SSL
Cert/Key info is defined.
------------------------
SCENARIO 1
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
INSECURE (non ssl)
Origins for the SECURE:
http://origin1
Is the above supposed to be https?
USER ACTION:
User adding another origin SECURE.
-> User types the SSL Key
-> User types the SSL Cert
-> User types origin WITH https
-> User clicks Add origin
-> User clicks OK in the modify publishe dialog
RESULT:
Origin added succesfully
I'm a little confused here. When they are adding a 'SECURE' origin to
an existing publisher or are they adding a new publisher with a 'SECURE'
origin?
------------------------
SCENARIO 2
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
INSECURE (non ssl)
Origins for the SECURE:
http://origin1
USER ACTION:
User adding another origin NOT SECURE with SSL Key/Cert specified
-> User types the SSL Key
-> User types the SSL Cert
-> User types origin WITHOUT https
RESULT:
Origin can not be added (Add button disabled)
Correct.
------------------------
SCENARIO 3
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
SECURE (ssl)
Origins for the SECURE:
https://origin1
USER ACTION:
User adding another origin NOT SECURE with SSL Key/Cert specified
-> User types the SSL Key
-> User types the SSL Cert
-> User types origin WITHOUT https
RESULT:
Origin can not be added (Add button disabled)
Correct.
------------------------
SCENARIO 4
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
SECURE (ssl)
Origins for the SECURE:
https://origin1
USER ACTION:
User adding another origin SECURE.
-> User types origin WITH https
-> User clicks Add origin
-> User clicks OK in the modify publishe dialog
RESULT:
Origin added succesfully
Correct.
To be clear, these are the valid cases:
PUBLISHER ORIGIN CERT KEY
example.com http://example.com N N
PUBLISHER ORIGIN CERT KEY
example.com https://example.com N N
PUBLISHER ORIGIN CERT KEY
example.com http://example.com N N
example.com https://example.com N N
PUBLISHER ORIGIN CERT KEY
example.com https://example.com Y Y
In short, any time Cert/Key information is defined, the user cannot have
http origins or mirrors. But if no Cert/Key information is defined,
they can have as many http or https mirrors and origins as they desire.
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
