From cf06dd544004701ef43fa81c5b7a95353d5c1d65 Mon Sep 17 00:00:00 2001
From: Mohit Agrawal
Date: Wed, 14 Mar 2018 09:37:52 +0530
Subject: glusterd: TLS verification fails while using intermediate CA
Problem: TLS verification fails while using intermediate CA if mgmt SSL is enabled.
Solution: There are two main issue of TLS verification failing 1) not calling ssl_api to set cert_depth 2) The current code does not allow to set certificate depth while MGMT SSL is enabled. After apply this patch to set certificate depth user need to set parameter option transport.socket.ssl-cert-depth in /var/lib/glusterd/secure_acccess instead to set in /etc/glusterfs/glusterd.vol. At the time of set secure_mgmt in ctx we will check the value of cert-depth and save the value of cert-depth in ctx.If user does not provide any value in cert-depth in that case it will consider default value is 1
BUG: 1555154
Change-Id: I89e9a9e1026e37efb5c20f9ec62b1989ef644f35
Signed-off-by: Mohit Agrawal
---
heal/src/glfs-heal.c | 1 +
1 file changed, 1 insertion(+)
(limited to 'heal/src')
diff --git a/heal/src/glfs-heal.c b/heal/src/glfs-heal.c
index 10d00e6d737..e86c76cde49 100644
--- a/heal/src/glfs-heal.c
+++ b/heal/src/glfs-heal.c
@@ -1661,6 +1661,7 @@ main (int argc, char **argv)
 if (sys_access(SECURE_ACCESS_FILE, F_OK) == 0) {
 fs->ctx->secure_mgmt = 1;
+ fs->ctx->ssl_cert_depth = glusterfs_read_secure_access_file ();
 }
 ret = glfs_set_volfile_server (fs, "unix", DEFAULT_GLUSTERD_SOCKFILE, 0);
-- cgit
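Review bot: The added line stores whatever `glusterfs_read_secure_access_file ()` returns straight into `fs->ctx->ssl_cert_depth`, with no range check at the call site. That value comes from a file on disk and later bounds how long a certificate chain the management TLS connection will accept. The helper is defined outside this hunk, so it is not visible here whether it can return an error indicator, a negative number, or an arbitrarily large depth from a malformed `transport.socket.ssl-cert-depth` line. If it does not already clamp its result, I would validate here, e.g. `int depth = glusterfs_read_secure_access_file ();` followed by `fs->ctx->ssl_cert_depth = (depth > 0) ? depth : 1;`, and log when the fallback is taken so a misconfigured file is noticed. The body of `main` continues outside the hunk on both sides.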