summaryrefslogtreecommitdiffstats
path: root/doc/unsorted/ssl.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/unsorted/ssl.txt')
-rw-r--r--doc/unsorted/ssl.txt29
1 files changed, 22 insertions, 7 deletions
diff --git a/doc/unsorted/ssl.txt b/doc/unsorted/ssl.txt
index 6189fdd3c..919f7ea71 100644
--- a/doc/unsorted/ssl.txt
+++ b/doc/unsorted/ssl.txt
@@ -8,9 +8,13 @@ Python SSL
The ssl module can be found `here <http://pypi.python.org/pypi/ssl>`_.
-With this change, SSL certificate based client authentication is supported. In order to use this, based CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See [wiki:Authentication] for details.
+With this change, SSL certificate based client authentication is
+supported. In order to use this, based CA-type capabilities are
+required. A central CA needs to be created, with each server and all
+clients getting a signed cert. See [wiki:Authentication] for details.
-Setting up keys is accomplished with three settings, each in the "`[communication]`" section of bcfg2.conf::
+Setting up keys is accomplished with three settings, each in the
+"`[communication]`" section of bcfg2.conf::
key = /path/to/ssl private key
certificate = /path/to/signed cert for that key
@@ -20,14 +24,23 @@ Setting up keys is accomplished with three settings, each in the "`[communicatio
Python SSL Backport Packaging
=============================
-Both the Bcfg2 server and client are able to use the in-tree ssl module included with python 2.6. The client is also able to still use M2Crypto. A python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. See [wiki:Authentication] for details.
+Both the Bcfg2 server and client are able to use the in-tree ssl module
+included with python 2.6. The client is also able to still use M2Crypto. A
+python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto
+is not needed, and tlslite is no longer included with bcfg2 sources. See
+[wiki:Authentication] for details.
-To build a package of the ssl backport for .deb based distributions that don't ship with python 2.6, you can follow these instructions, which use [http://github.com/astraw/stdeb/tree/master stdeb]. Alternatively if you happen to have .deb packaging skills, it would be great to get policy-complaint .debs into the major deb-based distributions.
+To build a package of the ssl backport for .deb based distributions
+that don't ship with python 2.6, you can follow these instructions,
+which use `stdeb`_. Alternatively if you happen to have .deb packaging
+skills, it would be great to get policy-complaint .debs into the major
+deb-based distributions.
+
+.. _stdeb: http://github.com/astraw/stdeb/tree/master
The following commands were used to generate :download:`this
-<python-ssl_1.14-1_amd64.deb>` debian package ('''NOTE:''' Version
-numbers for the SSL module have changed). The `easy_install` command can
-be found in the `python-setuptools` package.::
+<python-ssl_1.14-1_amd64.deb>` debian package The ``easy_install`` command
+can be found in the `python-setuptools` package.::
sudo aptitude install python-all-dev fakeroot
sudo easy_install stdeb
@@ -39,6 +52,8 @@ be found in the `python-setuptools` package.::
dpkg-buildpackage -rfakeroot -uc -us
sudo dpkg -i ../python-ssl_1.14-1_amd64.deb
+.. note:: Version numbers for the SSL module have changed.
+
For complete bcfg2 goodness, you'll also want to package stdeb using stdeb.
The completed debian package can be grabbed from :download:`here
<python-stdeb_0.3-1_all.deb>`, which was generated using the following::
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-03 09:33:34 +0000