From a2b8b3282bc07e1db362d2edd51d2bee3e425d57 Mon Sep 17 00:00:00 2001 From: Sol Jerome Date: Wed, 15 Oct 2014 14:25:40 -0500 Subject: Proxy.py: Pass through SSL protocol option Previously we were not passing through the SSL protocol specified in the client's bcfg2.conf which caused it to unconditionally be set to xmlrpc/ssl. While this appears to automagically work with newer versions of openssl, the version in e.g. centos5 will fail if the server is set to use TLSv1. This commit passes through the setting from the client's bcfg2.conf so that older clients can talk to servers which are set to TLSv1 (in order to mitigate the effects of POODLE). Signed-off-by: Sol Jerome --- src/lib/Bcfg2/Options.py | 1 + 1 file changed, 1 insertion(+) (limited to 'src/lib/Bcfg2/Options.py') diff --git a/src/lib/Bcfg2/Options.py b/src/lib/Bcfg2/Options.py index 206c63d4f..33b395b2e 100644 --- a/src/lib/Bcfg2/Options.py +++ b/src/lib/Bcfg2/Options.py @@ -1292,6 +1292,7 @@ CLIENT_COMMON_OPTIONS = \ drivers=CLIENT_DRIVERS, dryrun=CLIENT_DRYRUN, paranoid=CLIENT_PARANOID, + protocol=SERVER_PROTOCOL, ppath=PARANOID_PATH, max_copies=PARANOID_MAX_COPIES, bundle=CLIENT_BUNDLE, -- cgit v1.2.3-1-g7c22