upload: optionnaly verify certificate issuer dn
This commit is contained in:
parent
b6d0c87fa9
commit
49f49491e6
|
@ -80,6 +80,10 @@ def ssl_client_verify(view):
|
|||
request.host_verified = cn
|
||||
else:
|
||||
request.host_verified = dn.split(',')[0].split('=')[1]
|
||||
if settings.CA_ISSUER:
|
||||
ca_issuer = headers.get('HTTP_X_SSL_ISSUER')
|
||||
if ca_issuer != settings.CA_ISSUER:
|
||||
raise PermissionDenied
|
||||
else:
|
||||
if settings.DEBUG:
|
||||
request.host_verified = 'test_host'
|
||||
|
|
|
@ -26,6 +26,7 @@ DEBUG = False
|
|||
|
||||
ALLOWED_HOSTS = []
|
||||
|
||||
CA_ISSUER = None # dn of the trusted ca certificate; None means all (depending on the underlying haproxy/nginx configuration)
|
||||
JOURNAL_HISTORY = 7
|
||||
MAIL_HISTORY = 7
|
||||
|
||||
|
|
Reference in New Issue