[Pulp-list] Certificate Verification Failure Debugging
Jay Dobies
jason.dobies at redhat.com
Wed Jan 25 19:25:44 UTC 2012
On 01/25/2012 12:03 PM, John Matthews wrote:
> We added 2 config options which will log more information about certificate verification failures.
>
> $ cat /etc/pulp/repo_auth.conf
> [main]
> enabled: false
> log_failed_cert: true
> log_failed_cert_verbose: false
>
> If a certificate fails verification we will log summary info about each Certificate/CA/CRL, additionally you may enable 'log_failed_cert_verbose' and it will output the full decoded text of the Certificate to verify as well.
>
>
> https://fedorahosted.org/pulp/wiki/Certificates/Debugging
This is a really important addition. It's frustrating to get an
unauthorized but have no idea why, so having some visibility into why
someone was refused instead of having to manually piece through the
certificate and CAs is going to go a long way. Nicely done.
--
Jay Dobies
Freenode: jdob @ #pulp
http://pulpproject.org | http://blog.pulpproject.org
More information about the Pulp-list
mailing list