diff --git a/bin/ssl/SecureXMLRPCServer.py b/bin/ssl/SecureXMLRPCServer.py index 540065b4824..8ff96989748 100644 --- a/bin/ssl/SecureXMLRPCServer.py +++ b/bin/ssl/SecureXMLRPCServer.py @@ -129,6 +129,8 @@ class SecureXMLRPCRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler): class SecureXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer, SecureTCPServer): + encoding = None + allow_none = False def __init__(self, addr, requestHandler=SecureXMLRPCRequestHandler, logRequests=1): diff --git a/bin/ssl/cert.cfg b/bin/ssl/cert.cfg new file mode 100644 index 00000000000..8cab1eeb4ca --- /dev/null +++ b/bin/ssl/cert.cfg @@ -0,0 +1,89 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Acme inc." + +# The organizational unit of the subject. +unit = "dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Some company" + +# A user id of the certificate owner. +#uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal" + +# This is deprecated and should not be used in new +# certificates. +# pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 001 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 700 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +#dns_name = "www.none.org" +#dns_name = "www.morethanone.org" + +# An IP address in case of a server. +#ip_address = "192.168.1.1" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +#crl_dist_points = "http://www.getcrl.crl/getcrl/" + +# Whether this is a CA certificate or not +#ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +#signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is prefered to use different +# keys for encryption and signing. +encryption_key + +# Whether this key will be used to sign other certificates. +#cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +#ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key diff --git a/doc/openerp-server.conf b/doc/openerp-server.conf index 0bb48ced4b5..bdc90a8a074 100644 --- a/doc/openerp-server.conf +++ b/doc/openerp-server.conf @@ -5,6 +5,10 @@ verbose = False xmlrpc = True db_user = False db_password = False +; Uncomment these for xml-rpc over SSL +; secure = True +; sslcert = /etc/openerp/server.cert +; sslkey = /etc/openerp/server.key root_path = None soap = False translate_modules = ['all']