diff options
| author | Rob Austein <sra@hactrn.net> | 2008-03-27 23:40:44 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2008-03-27 23:40:44 +0000 |
| commit | 5aa99a66a4cd1064eda1880879e034b7ae8058ac (patch) | |
| tree | 631cbfda17e2ce633228795afe702d07db922ab8 /rpkid/rpkid.py | |
| parent | e1e5eb6d4541d865b1fcda093c90da8ba93b537b (diff) | |
Finally got client cert checks working with tlslite -- then promptly
disabled them again in testbed.py (commented out in generated config),
because I need to rework the internal trust anchor setup before the
up-down protocol will have a prayer of working with this enabled.
svn path=/rpkid/OPERATION; revision=1565
Diffstat (limited to 'rpkid/rpkid.py')
| -rwxr-xr-x | rpkid/rpkid.py | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/rpkid/rpkid.py b/rpkid/rpkid.py index 5779753b..cb142da4 100755 --- a/rpkid/rpkid.py +++ b/rpkid/rpkid.py @@ -87,14 +87,15 @@ class global_context(object): passwd = cfg.get("sql-password")) self.cur = self.db.cursor() - self.cms_ta_irdb = rpki.x509.X509(Auto_file = cfg.get("cms-ta-irdb")) - self.cms_ta_irbe = rpki.x509.X509(Auto_file = cfg.get("cms-ta-irbe")) - self.cms_key = rpki.x509.RSA(Auto_file = cfg.get("cms-key")) - self.cms_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-cert")) + self.cms_ta_irdb = rpki.x509.X509(Auto_file = cfg.get("cms-ta-irdb")) + self.cms_ta_irbe = rpki.x509.X509(Auto_file = cfg.get("cms-ta-irbe")) + self.cms_key = rpki.x509.RSA(Auto_file = cfg.get("cms-key")) + self.cms_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-cert")) - self.https_key = rpki.x509.RSA(Auto_file = cfg.get("https-key")) - self.https_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert")) - self.https_ta = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta")) + self.https_key = rpki.x509.RSA(Auto_file = cfg.get("https-key")) + self.https_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert")) + self.https_ta_irdb = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta-irdb")) + self.https_ta_irbe = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta-irbe")) self.irdb_url = cfg.get("irdb-url") @@ -130,6 +131,7 @@ gctx = global_context(cfg) rpki.https.server(privateKey = gctx.https_key, certChain = gctx.https_certs, + x509TrustList = gctx.https_ta_irbe, host = gctx.https_server_host, port = gctx.https_server_port, handlers=(("/left-right", left_right_handler), |