From ead841c2f28d17e7916fba601e50763c8b01c122 Mon Sep 17 00:00:00 2001 From: Sol Jerome Date: Sat, 6 Mar 2010 20:39:12 +0000 Subject: doc: Integrate more unsorted documents Signed-off-by: Sol Jerome git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5754 ce84e21b-d406-0410-9b95-82705330c041 --- doc/unsorted/ssl.txt | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) (limited to 'doc/unsorted/ssl.txt') diff --git a/doc/unsorted/ssl.txt b/doc/unsorted/ssl.txt index 6189fdd3c..919f7ea71 100644 --- a/doc/unsorted/ssl.txt +++ b/doc/unsorted/ssl.txt @@ -8,9 +8,13 @@ Python SSL The ssl module can be found `here `_. -With this change, SSL certificate based client authentication is supported. In order to use this, based CA-type capabilities are required. A central CA needs to be created, with each server and all clients getting a signed cert. See [wiki:Authentication] for details. +With this change, SSL certificate based client authentication is +supported. In order to use this, based CA-type capabilities are +required. A central CA needs to be created, with each server and all +clients getting a signed cert. See [wiki:Authentication] for details. -Setting up keys is accomplished with three settings, each in the "`[communication]`" section of bcfg2.conf:: +Setting up keys is accomplished with three settings, each in the +"`[communication]`" section of bcfg2.conf:: key = /path/to/ssl private key certificate = /path/to/signed cert for that key 
@@ -20,14 +24,23 @@ Setting up keys is accomplished with three settings, each in the "`[communicatio Python SSL Backport Packaging ============================= -Both the Bcfg2 server and client are able to use the in-tree ssl module included with python 2.6. The client is also able to still use M2Crypto. A python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto is not needed, and tlslite is no longer included with bcfg2 sources. See [wiki:Authentication] for details. +Both the Bcfg2 server and client are able to use the in-tree ssl module +included with python 2.6. The client is also able to still use M2Crypto. A +python ssl backport exists for 2.3, 2.4, and 2.5. With this, M2Crypto +is not needed, and tlslite is no longer included with bcfg2 sources. See +[wiki:Authentication] for details. -To build a package of the ssl backport for .deb based distributions that don't ship with python 2.6, you can follow these instructions, which use [http://github.com/astraw/stdeb/tree/master stdeb]. Alternatively if you happen to have .deb packaging skills, it would be great to get policy-complaint .debs into the major deb-based distributions. +To build a package of the ssl backport for .deb based distributions +that don't ship with python 2.6, you can follow these instructions, +which use `stdeb`_. Alternatively if you happen to have .deb packaging +skills, it would be great to get policy-complaint .debs into the major +deb-based distributions. + +.. _stdeb: http://github.com/astraw/stdeb/tree/master The following commands were used to generate :download:`this -` debian package ('''NOTE:''' Version -numbers for the SSL module have changed). The `easy_install` command can -be found in the `python-setuptools` package.:: +` debian package The ``easy_install`` command +can be found in the `python-setuptools` package.:: sudo aptitude install python-all-dev fakeroot sudo easy_install stdeb 
@@ -39,6 +52,8 @@ be found in the `python-setuptools` package.:: dpkg-buildpackage -rfakeroot -uc -us sudo dpkg -i ../python-ssl_1.14-1_amd64.deb +.. note:: Version numbers for the SSL module have changed. + For complete bcfg2 goodness, you'll also want to package stdeb using stdeb. The completed debian package can be grabbed from :download:`here `, which was generated using the following:: -- cgit v1.2.3-1-g7c22
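Review bot: In the first hunk (the "Python SSL" section), the rewrapped paragraph still carries the Trac-style reference "See [wiki:Authentication] for details.", which reStructuredText renders as literal bracketed text rather than a link. Since the commit is converting this file to RST, point it at a real target (a named hyperlink or a cross-reference to the authentication page). The same paragraph keeps "based CA-type capabilities are required", which reads like a typo for "basic". In the following sentence, "`[communication]`" is in single backticks inside quotes; double backticks would mark it as a literal.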
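Review bot: In the second hunk, the rewritten download sentence loses its sentence break: "debian package The ``easy_install`` command" needs a period after "package" now that the NOTE parenthetical has been removed. On the same added lines, ``easy_install`` was switched to double backticks but `python-setuptools` is still in single backticks, and the trailing "package.::" will render as "package.:" (use "package::" or end the sentence and put "::" on its own). The rewrapped text also keeps "policy-complaint", which should be "policy-compliant", and a second "[wiki:Authentication]" reference that will not render as a link in RST.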
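Review bot: In the third hunk, the new ".. note:: Version numbers for the SSL module have changed." sits after the command block that hard-codes "sudo dpkg -i ../python-ssl_1.14-1_amd64.deb", so a reader copies the stale file name before reaching the warning, and the note does not say which part of the commands is affected. Move the note above the literal block, or reword it to say that the 1.14 in the .deb file name must be replaced with the version actually built.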