[Spacewalk-devel] [PATCH] fix bootstrap scripts to retrieve server cert using SSL
Hello all,
My sense of paranoia tells me this should be https.
Thanks,
Joshua Roys
From 727fb359e77d1fd5560edbe6eac552825c895167 Mon Sep 17 00:00:00 2001
From: Joshua Roys joshua.r...@gtri.gatech.edu
Date: Fri, 13 Mar 2009 08:47:56 -0400
Subject: [PATCH] fix bootstrap scripts to retrieve server cert using SSL
---
spacewalk/certs-tools/rhn_bootstrap_strings.py |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/spacewalk/certs-tools/rhn_bootstrap_strings.py b/spacewalk/certs-tools/rhn_bootstrap_strings.py
index d991d4e..1705844 100644
--- a/spacewalk/certs-tools/rhn_bootstrap_strings.py
+++ b/spacewalk/certs-tools/rhn_bootstrap_strings.py
@@ -248,10 +248,10 @@ echo
echo * attempting to install corporate public CA cert
if [ $USING_SSL -eq 1 ] ; then
if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then
-rpm -Uvh ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT}
+rpm -Uvh ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT}
else
rm -f ${ORG_CA_CERT}
-$FETCH ${HTTP_PUB_DIRECTORY}/${ORG_CA_CERT}
+$FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT}
mv ${ORG_CA_CERT} /usr/share/rhn/
fi
fi
--
1.6.2
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] fix bootstrap scripts to retrieve server cert using SSL
On Fri, Mar 13, 2009 at 09:33:36AM -0400, Joshua Roys wrote: Hello all, My sense of paranoia tells me this should be https. Will the https work, without certificates available on the client? -- Jan Pazdziora Senior Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] fix bootstrap scripts to retrieve server cert using SSL
Jan Pazdziora wrote: On Fri, Mar 13, 2009 at 09:33:36AM -0400, Joshua Roys wrote: Hello all, My sense of paranoia tells me this should be https. Will the https work, without certificates available on the client? If wget is used with the --no-check-certificate option, which is checked for availability in the bootstrap.sh script. curl uses -k, which does the same thing. But I guess it's a chicken and egg thing - maybe we could print out some of the certificate info and hope the admin checks it by hand? ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
