  1. CernVM
  2. CVM-1421

Add option to use system CA certs for https server validation

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Medium
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: CernVM-FS 2.5.1
    • Component/s: CVMFS
    • Labels:
      None
    • Platforms:
      x86_64-slc6-gcc48-opt
      Description

      Currently, at least on EL6, cvmfs only checks https server certificates against /etc/grid-security/certificates, or whatever X509_CERT_DIR is set to. It does not use the system-installed CA certs. Add an option to enable & disable this. We will then discuss whether the option should be enabled or disabled by default.

      We are particularly interested in supporting Let's Encrypt certificates & Cloudflare certificates. I believe that Cloudflare certificates will already be supported because their root COMODO CA is already supported by IGTF. I can't verify it however until CVM-1419 is done.

      I am assigning this at least initially to me to verify the behavior on EL7.

              People

              • Assignee:
                jblomer Jakob Blomer
                Reporter:
                dwd Dave Dykstra
