mirror of
https://github.com/openkmip/pykmip
synced 2025-12-27 21:53:39 +00:00
4c6bbae452
This change adds a server configuration option to control the enforcement of TLS certificate client authentication. Before, client TLS certificates had to include the extended key usage extension with the clientAuth bit set to be used as sources of client identity. The new configuration option, enable_tls_client_auth, allows server admins to enable/disable this requirement. The configuration setting is optional and the server defaults to the original enforcing behavior if it is not set. Admins must explicitly set the option to False to disable enforcement.
10 lines
262 B
Plaintext
10 lines
262 B
Plaintext
[server]
|
|
hostname=127.0.0.1
|
|
port=5696
|
|
certificate_path=/etc/pykmip/certs/server_cert.pem
|
|
key_path=/etc/pykmip/certs/server_private_key.pem
|
|
ca_path=/etc/pykmip/certs/server_ca_cert.pem
|
|
auth_suite=Basic
|
|
policy_path=/etc/pykmip/policies
|
|
enable_tls_client_auth=True
|