Changes between Version 33 and Version 34 of TrackingDevelopmentTrunk


Timestamp:
05/29/09 11:22:25 (13 years ago)
Author:
bradshaw
Comment:

--

  • TrackingDevelopmentTrunk

    v33 v34  
    2121=== SSL Changes === 
    2222 
    23 We have switched to the in-tree ssl module included with python 2.6. A backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. The ssl module can be found [http://pypi.python.org/pypi/ssl/1.14 here]. 
    24  
    25 '''NOTE:''' To build the module on Debian (lenny), I had to apply this [attachment:ssl-debian.patch patch] to remove bluetooth references. 
    26  
    27 With this change, SSL certificate based client authentication is supported. In order to use this, based CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See [wiki:Authentication] for details.  
    28  
    29 Setting up keys is accomplished with three settings, each in the "`[communication]`" section of bcfg2.conf: 
    30 {{{ 
    31 key = /path/to/ssl private key 
    32 certificate = /path/to/signed cert for that key 
    33 ca = /path/to/cacert.pem 
    34 }}} 
     23We have switched to the in-tree ssl module included with python 2.6. A backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. Information about building the ssl pre-req is [wiki:ssl here] 
    3524 
    3625=== bcfg2.conf changes ===
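Review bot: the new line 23 links only to [wiki:ssl] for building the ssl prerequisite, while the removed v33 lines 27 to 34 were the only place in this section that said certificate-based client authentication is now supported and named the three "[communication]" settings (key, certificate, ca) in bcfg2.conf. If that material now lives on [wiki:ssl] or [wiki:Authentication], keep a one-sentence pointer here so readers tracking trunk changes still learn that a CA, signed certificates and those three settings are involved; the [wiki:Authentication] link present in v33 is dropped entirely by this revision. The Debian (lenny) build note and its ssl-debian.patch attachment reference are also removed, so confirm the attachment is linked from [wiki:ssl] before it becomes unreachable from this page. The change comment is "--", which gives no hint that content was relocated rather than deleted; a short comment saying where it went would help.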