Update readme

2025-07-01 08:43:37 +02:00 · 2015-05-21 17:34:51 +03:00 · 2015-05-21 17:34:51 +03:00 · 024df874ac
commit 024df874ac
parent c67f51060f
3 changed files with 11 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -195,10 +195,12 @@ Registrar configuration (/etc/apache2/sites-enabled/registrar.conf) is as follow
  # Uncomment in Apache 2.4
  # SSLCARevocationCheck chain

-  RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
+  RequestHeader set SSL_CLIENT_S_DN_CN ""
+  RequestHeader set SSL_CLIENT_CERT ""
  <Location /registrar/sessions>
      SSLVerifyClient require
      RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
+      RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
  </Location>

  <Location /registrar/id>
@ -276,10 +278,12 @@ Registrant configuration (/etc/apache2/sites-enabled/registrant.conf) is as foll
    # Uncomment in Apache 2.4
    # SSLCARevocationCheck chain

-    RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
+    RequestHeader set SSL_CLIENT_S_DN_CN ""
+    RequestHeader set SSL_CLIENT_CERT ""
    <Location /registrant/sessions>
        SSLVerifyClient require
        RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
+        RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
    </Location>

    <Location /registrant/id>
@ -312,6 +316,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp
    SSLCARevocationCheck chain

    RequestHeader set SSL_CLIENT_S_DN_CN ""
+    RequestHeader set SSL_CLIENT_CERT ""

    <Location />
        Allow from none
@ -322,6 +327,7 @@ For Apache, REPP goes to port 443 in production, /etc/apache2/sites-enabled/repp
        Allow from all
        SSLVerifyClient require
        RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
+        RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
    </Location>
 </VirtualHost>
 ```
@ -346,6 +352,7 @@ Be sure to update paths to match your system configuration.
      # SSLCARevocationCheck chain

      RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
+      RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"

      EPPEngine On
      EPPCommandRoot          /proxy/command
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -27,6 +27,7 @@ class Registrar::SessionsController < Devise::SessionsController
      @depp_user.errors.add(:base, :webserver_user_name_directive_should_be_required)
    end

+    logger.error request.env['SSL_CLIENT_CERT']
    if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'] != params[:depp_user][:tag]
      @depp_user.errors.add(:base, :invalid_cert)
    end
--- a/config/schedule.rb
+++ b/config/schedule.rb
@ -24,6 +24,6 @@ every :day, at: '12:10pm' do
  runner 'Invoice.cancel_overdue_invoices'
 end

-every 6.hours do
+every 3.hours do
  runner 'Certificate.update_crl'
 end