SSL fingerprint is deprecated

Removing all references to the old method of using fingerprints to
verify the server you are communicating with. The new way to do this
is to use the 'ca' option in bcfg2.conf along with the bcfg2 server's
CA certificate.

Signed-off-by: Sol Jerome <solj@ices.utexas.edu>

git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5712 ce84e21b-d406-0410-9b95-82705330c041

6 files changed, 1 insertions, 15 deletions

diff --git a/doc/authentication.txt b/doc/authentication.txt
index ae585da5b..a7baa78d2 100644
--- a/doc/authentication.txt
+++ b/doc/authentication.txt
@@ -45,16 +45,13 @@ bcfg2.conf from the per-client metadata::
     #else
     password = my-password-foobat
     #endif
-    fingerprint = d8b7423da5d8ccd0f3db29742fc8eed00b9d0848
 
     [components]
     bcfg2 = https://localhost:6789
 
 In this setup, this will cause any clients that have uuids established
 to be set to use them in bcfg2.conf. It will also cause any clients
-with passwords set to use them instead of the global password. The
-fingerprint needs to be manually set, per-server, using the output of
-"bcfg2-admin fingerprint".
+with passwords set to use them instead of the global password.
 
 How Authentication Works
 ========================
diff --git a/doc/client/tools/yumng.txt b/doc/client/tools/yumng.txt
index cb749ba7f..178bba6ec 100644
--- a/doc/client/tools/yumng.txt
+++ b/doc/client/tools/yumng.txt
@@ -136,7 +136,6 @@ A number of paramters can be set in the client configuration for both the RPMng
     protocol = xmlrpc/ssl
     password = xxxxxx
     user = yyyyyyy
-    fingerprint = 1234567890abcdef
 
     [components]
     bcfg2 = https://bcfg2:6789
diff --git a/doc/quickstart/centos.txt b/doc/quickstart/centos.txt
index d8668f0e2..4dfa70523 100644
--- a/doc/quickstart/centos.txt
+++ b/doc/quickstart/centos.txt
@@ -367,7 +367,6 @@ Generate Pkgmgr listing
 Now when we run bcfg2, we see Correct entries::
 
     [root@centos ~]# bcfg2 -vqn
-    no server x509 fingerprint; no server verification performed!
     Loaded tool drivers:
      Action       Chkconfig    FreeBSDInit  POSIX        YUMng
 
@@ -499,8 +498,6 @@ section of bcfg2.conf::
     protocol = xmlrpc/ssl
     password = N41lMNeW
     key = /etc/bcfg2.key
-    # fingerprint of server (from bcfg2-admin fingerprint)
-    #fingerprint = [server fingerprint]
 
     [components]
     bcfg2 = https://centos:6789
diff --git a/examples/TGenshi/tmp/bar/template.txt b/examples/TGenshi/tmp/bar/template.txt
index 3e43340fe..dbf482c22 100644
--- a/examples/TGenshi/tmp/bar/template.txt
+++ b/examples/TGenshi/tmp/bar/template.txt
@@ -11,7 +11,6 @@ password = $metadata.password
 password = GlobalPassword
 #end
 #end
-fingerprint = ac152f42f03253a30d3379dea88eddf2be033d47
 
 [client]
 drivers = Action,Chkconfig,POSIX,YUMng
diff --git a/man/bcfg2.1 b/man/bcfg2.1
index 582cfe34d..91e8c96ed 100644
--- a/man/bcfg2.1
+++ b/man/bcfg2.1
@@ -31,9 +31,6 @@ verify/install ConfigFiles, etc)
 .BR "\-E <encoding>"
 Specify the encoding of Cfg files.
 .TP
-.BR "\-F <f1,f2>"
-Specify the server fingerprint.
-.TP
 .BR "\-I"
 Run bcfg2 in interactive mode.  The user will be prompted before each 
 change.
diff --git a/src/lib/Options.py b/src/lib/Options.py
index a983e8827..c67fde910 100644
--- a/src/lib/Options.py
+++ b/src/lib/Options.py
@@ -274,9 +274,6 @@ CLIENT_DLIST = Option('run client in server decision list mode', default=False,
                       cmd='-l', odesc='<whitelist|blacklist>')
 CLIENT_FILE = Option('configure from a file rather than querying the server',
                      default=False, cmd='-f', odesc='<specification path>')
-SERVER_FINGERPRINT = Option('Server Fingerprint', default=[], cmd='-F',
-                            cf=('communication', 'fingerprint'),
-                            odesc='<f1,f2>', cook=flist_split)
 CLIENT_QUICK = Option('disable some checksum verification', default=False,
                       cmd='-q', )
 CLIENT_USER = Option('the user to provide for authentication', default='root',