23 | | We have switched to the in-tree ssl module included with python 2.6. A backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. The ssl module can be found [http://pypi.python.org/pypi/ssl/1.14 here]. |
24 | | |
25 | | '''NOTE:''' To build the module on Debian (lenny), I had to apply this [attachment:ssl-debian.patch patch] to remove bluetooth references. |
26 | | |
27 | | With this change, SSL certificate based client authentication is supported. In order to use this, based CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See [wiki:Authentication] for details. |
28 | | |
29 | | Setting up keys is accomplished with three settings, each in the "`[communication]`" section of bcfg2.conf: |
30 | | {{{ |
31 | | key = /path/to/ssl private key |
32 | | certificate = /path/to/signed cert for that key |
33 | | ca = /path/to/cacert.pem |
34 | | }}} |
| 23 | We have switched to the in-tree ssl module included with python 2.6. A backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. Information about building the ssl pre-req is [wiki:ssl here] |
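Review bot: The new line 23 keeps the sentence about the in-tree ssl module but drops everything old lines 27-33 said about certificate-based client authentication: the need for a central CA with a signed cert for each server and client, the pointer to [wiki:Authentication], and the three "[communication]" settings (key, certificate, ca) in bcfg2.conf. Nothing in the visible lines shows that [wiki:ssl] carries that material, so this page no longer tells a reader how to configure the certificates; suggest keeping a short pointer such as "See [wiki:Authentication] for client certificate setup" next to the new link. The Debian (lenny) note and its ssl-debian.patch attachment are also removed, so confirm the attachment is referenced from the ssl page. Minor: the new sentence is missing its closing period after "[wiki:ssl here]".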