summaryrefslogtreecommitdiffstats
path: root/src/lib/Bcfg2/Client/Tools/APT.py
diff options
context:
space:
mode:
authorAlexander Sulfrian <asulfrian@zedat.fu-berlin.de>2022-01-16 03:34:12 +0100
committerAlexander Sulfrian <asulfrian@zedat.fu-berlin.de>2022-01-16 03:34:12 +0100
commitf99adfc3e26dc4e49da79399f97c1cd1765068c8 (patch)
tree33e961787b39115657b3bd5e0f401f19c4fdf131 /src/lib/Bcfg2/Client/Tools/APT.py
parent8605cd3d0cb4d549cb8b43de945d447f6d82892a (diff)
downloadbcfg2-f99adfc3e26dc4e49da79399f97c1cd1765068c8.tar.gz
bcfg2-f99adfc3e26dc4e49da79399f97c1cd1765068c8.tar.bz2
bcfg2-f99adfc3e26dc4e49da79399f97c1cd1765068c8.zip
SSLCA: Fix certificate validation
We should favour "-trusted" over "-CAfile" because it will skip the system-wide CAs and ensure that the certificate is relay validated against the specified CA. For validation against an intermediate certificate, only an additional "-partial_chain" is required. With "-untrusted" we previously added an unstrusted intermediate certificate only and validated the cert against default system wide installed CAs.
Diffstat (limited to 'src/lib/Bcfg2/Client/Tools/APT.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-08 21:34:02 +0000