On 12/16/09 04:22 PM, Shawn Walker wrote:
Michal Pryc wrote:
I believe this is implemented, so I really need clarification on what
is wrong/missing. The scenarios below allow mixing http/https URLs
for origins and mirrors and prevent the addition of http URLs when
SSL Cert/Key info is defined.
------------------------
SCENARIO 1
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
INSECURE (non ssl)
Origins for the SECURE:
http://origin1
Is the above supposed to be https?
No, the original origin is http://origin1 as this is a NON SSL publisher
and we are adding another SSL origin to this publisher (mixing ssl/non
ssl is allowed)
USER ACTION:
User adding another origin SECURE.
-> User types the SSL Key
-> User types the SSL Cert
-> User types origin WITH https
-> User clicks Add origin
-> User clicks OK in the modify publisher dialog
RESULT:
Origin added successfully
I'm a little confused here. Are they adding a 'SECURE' origin to
an existing publisher, or are they adding a new publisher with a
'SECURE' origin?
They are adding a SECURE origin to an existing NON SECURE publisher
(mixing is allowed as you wrote, and the only thing which is not allowed
is the "prevent the addition of http URLs if SSL Cert/Key info is
defined" case, but as I understood it vice versa works; otherwise how would
users mix SSL/NON-SSL?). This is also working from the command line, so I
don't think the GUI should be different.
------------------------
SCENARIO 2
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
INSECURE (non ssl)
Origins for the SECURE:
http://origin1
USER ACTION:
User adding another origin NOT SECURE with SSL Key/Cert specified
-> User types the SSL Key
-> User types the SSL Cert
-> User types origin WITHOUT https
RESULT:
Origin can not be added (Add button disabled)
Correct.
------------------------
SCENARIO 3
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
SECURE (ssl)
Origins for the SECURE:
https://origin1
USER ACTION:
User adding another origin NOT SECURE with SSL Key/Cert specified
-> User types the SSL Key
-> User types the SSL Cert
-> User types origin WITHOUT https
RESULT:
Origin can not be added (Add button disabled)
Correct.
------------------------
SCENARIO 4
------------------------
SYSTEM CONFIGURATION:
Configured publishers:
SECURE (ssl)
Origins for the SECURE:
https://origin1
USER ACTION:
User adding another origin SECURE.
-> User types origin WITH https
-> User clicks Add origin
-> User clicks OK in the modify publisher dialog
RESULT:
Origin added successfully
Correct.
To be clear, these are the valid cases:
PUBLISHER     ORIGIN                 CERT   KEY
example.com   http://example.com     N      N

PUBLISHER     ORIGIN                 CERT   KEY
example.com   https://example.com    N      N

PUBLISHER     ORIGIN                 CERT   KEY
example.com   http://example.com     N      N
example.com   https://example.com    N      N

PUBLISHER     ORIGIN                 CERT   KEY
example.com   https://example.com    Y      Y
In short, any time Cert/Key information is defined, the user cannot
have http origins or mirrors. But if no Cert/Key information is
defined, they can have as many http or https mirrors and origins as
they desire.
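The rule stated in the closing paragraph of the message above, as an added example (not part of the original thread and not the pkg project's code). It assumes Cert/Key is a single publisher-level setting covering every origin and mirror; the function names, file paths and `origin2` are hypothetical. It checks the configuration that would result from an add, not only the URL just typed.

```python
from urllib.parse import urlsplit

def http_uris(uris):
    """Return the URIs whose scheme is plain http (case and padding ignored)."""
    # urlsplit() lowercases the scheme, so "HTTP://host" is caught as well.
    return [u for u in uris if urlsplit(u.strip()).scheme == "http"]

def check_publisher(origins, mirrors=(), ssl_cert=None, ssl_key=None):
    """Apply the thread's rule to a publisher's full configuration.

    Returns the offending URIs; an empty list means the configuration is valid.
    Assumption: Cert/Key is one setting covering every origin and mirror.
    """
    if not (ssl_cert or ssl_key):
        return []  # no Cert/Key defined: any mix of http and https is allowed
    return http_uris(list(origins) + list(mirrors))

def check_add_origin(existing_origins, new_origin, ssl_cert=None, ssl_key=None):
    """Validate the state that would result from the add, not just the new URI."""
    return check_publisher(list(existing_origins) + [new_origin],
                           ssl_cert=ssl_cert, ssl_key=ssl_key)

# Constructed sample values: the paths and origin2 are placeholders.
CERT, KEY = "/path/to/cert.pem", "/path/to/key.pem"

def run_scenarios():
    """The four scenarios from the thread, keyed by scenario number."""
    return {
        # Scenario 1: the pre-existing http origin is what gets flagged.
        1: check_add_origin(["http://origin1"], "https://origin2", CERT, KEY),
        2: check_add_origin(["http://origin1"], "http://origin2", CERT, KEY),
        3: check_add_origin(["https://origin1"], "http://origin2", CERT, KEY),
        # Scenario 4: no Key/Cert is typed in the listed user actions.
        4: check_add_origin(["https://origin1"], "https://origin2"),
    }

if __name__ == "__main__":
    for number, offending in run_scenarios().items():
        print(number, "rejected: " + ", ".join(offending) if offending else "ok")
```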