zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-01 08:43:37 +02:00
Code Issues Projects Releases Packages Wiki Activity

Update readme

Browse source
This commit is contained in:
Martin Lensment 2015-05-21 17:34:51 +03:00
parent c67f51060f
commit 024df874ac
3 changed files with 11 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
README.md
View file

@ -195,10 +195,12 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
# Uncomment in Apache 2.4 # Uncomment in Apache 2.4
# SSLCARevocationCheck chain # SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN ""
RequestHeader set SSL_CLIENT_CERT ""
<Location /registrar/sessions> <Location /registrar/sessions>
SSLVerifyClient require SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
</Location> </Location>
<Location /registrar/id> <Location /registrar/id>
@ -276,10 +278,12 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
# Uncomment in Apache 2.4 # Uncomment in Apache 2.4
# SSLCARevocationCheck chain # SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN ""
RequestHeader set SSL_CLIENT_CERT ""
<Location /registrant/sessions> <Location /registrant/sessions>
SSLVerifyClient require SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
</Location> </Location>
<Location /registrant/id> <Location /registrant/id>
@ -312,6 +316,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp
SSLCARevocationCheck chain SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN "" RequestHeader set SSL_CLIENT_S_DN_CN ""
RequestHeader set SSL_CLIENT_CERT ""
<Location /> <Location />
Allow from none Allow from none
@ -322,6 +327,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp
Allow from all Allow from all
SSLVerifyClient require SSLVerifyClient require
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
</Location> </Location>
</VirtualHost> </VirtualHost>
``` ```
@ -346,6 +352,7 @@ Be sure to update paths to match your system configuration.
# SSLCARevocationCheck chain # SSLCARevocationCheck chain
RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
EPPEngine On EPPEngine On
EPPCommandRoot /proxy/command EPPCommandRoot /proxy/command

1
app/controllers/registrar/sessions_controller.rb
View file

@ -27,6 +27,7 @@ class Registrar::SessionsController < Devise::SessionsController
@depp_user.errors.add(:base, :webserver_user_name_directive_should_be_required) @depp_user.errors.add(:base, :webserver_user_name_directive_should_be_required)
end end
logger.error request.env['SSL_CLIENT_CERT']
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] != params[:depp_user][:tag] if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] != params[:depp_user][:tag]
@depp_user.errors.add(:base, :invalid_cert) @depp_user.errors.add(:base, :invalid_cert)
end end

2
config/schedule.rb
View file

@ -24,6 +24,6 @@ every :day, at: '12:10pm' do
runner 'Invoice.cancel_overdue_invoices' runner 'Invoice.cancel_overdue_invoices'
end end
every 6.hours do every 3.hours do
runner 'Certificate.update_crl' runner 'Certificate.update_crl'
end end