Finally got client cert checks working with tlslite -- then promptly

disabled them again in testbed.py (commented out in generated config),
because I need to rework the internal trust anchor setup before the
up-down protocol will have a prayer of working with this enabled.

svn path=/rpkid/OPERATION; revision=1565

1 files changed, 4 insertions, 2 deletions

diff --git a/rpkid/rootd.py b/rpkid/rootd.py
index 06819ff0..feae6e91 100755
--- a/rpkid/rootd.py
+++ b/rpkid/rootd.py
@@ -177,10 +177,11 @@ cfg = rpki.config.parser(cfg_file, "rootd")
 
 cms_ta      = rpki.x509.X509(Auto_file = cfg.get("cms-ta"))
 cms_key     = rpki.x509.RSA(Auto_file = cfg.get("cms-key"))
-cms_certs   = rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-certs"))
+cms_certs   = rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-cert"))
 
 https_key   = rpki.x509.RSA(Auto_file = cfg.get("https-key"))
-https_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-certs"))
+https_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert"))
+https_ta    = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta"))
 
 https_server_host = cfg.get("server-host", "")
 https_server_port = int(cfg.get("server-port"))
@@ -197,6 +198,7 @@ rootd_cert  = cfg.get("rootd_cert", rootd_base + "rootd.cer")
 
 rpki.https.server(privateKey    = https_key,
                   certChain     = https_certs,
+                  x509TrustList = https_ta,
                   host          = https_server_host,
                   port          = https_server_port,
                   handlers      = up_down_handler)