[Spacewalk-devel] [PATCH] fix bootstrap scripts to retrieve server cert using SSL
Hello all, My sense of paranoia tells me this should be https. Thanks, Joshua Roys From 727fb359e77d1fd5560edbe6eac552825c895167 Mon Sep 17 00:00:00 2001 From: Joshua Roys joshua.r...@gtri.gatech.edu Date: Fri, 13 Mar 2009 08:47:56 -0400 Subject: [PATCH] fix bootstrap scripts to retrieve server cert using SSL --- spacewalk/certs-tools/rhn_bootstrap_strings.py |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spacewalk/certs-tools/rhn_bootstrap_strings.py b/spacewalk/certs-tools/rhn_bootstrap_strings.py index d991d4e..1705844 100644 --- a/spacewalk/certs-tools/rhn_bootstrap_strings.py +++ b/spacewalk/certs-tools/rhn_bootstrap_strings.py @@ -248,10 +248,10 @@ echo echo * attempting to install corporate public CA cert if [ $USING_SSL -eq 1 ] ; then if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then -rpm -Uvh ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT} +rpm -Uvh ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT} else rm -f ${ORG_CA_CERT} -$FETCH ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT} +$FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT} mv ${ORG_CA_CERT} /usr/share/rhn/ fi fi -- 1.6.2 ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] fix bootstrap scripts to retrieve server cert using SSL
On Fri, Mar 13, 2009 at 09:33:36AM -0400, Joshua Roys wrote: Hello all, My sense of paranoia tells me this should be https. Will the https work, without certificates available on the client? -- Jan Pazdziora Senior Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] fix bootstrap scripts to retrieve server cert using SSL
Jan Pazdziora wrote: On Fri, Mar 13, 2009 at 09:33:36AM -0400, Joshua Roys wrote: Hello all, My sense of paranoia tells me this should be https. Will the https work, without certificates available on the client? If wget is used with the --no-check-certificate option, which is checked for availability in the bootstrap.sh script. curl uses -k, which does the same thing. But I guess it's a chicken and egg thing - maybe we could print out some of the certificate info and hope the admin checks it by hand? ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel