From e5bc5503d71cdb7e3aa96f7590fdbbe5ca96dd3d Mon Sep 17 00:00:00 2001 From: "P. Christeas" Date: Tue, 23 Nov 2010 15:58:44 +0200 Subject: [PATCH] setup: The ssl certs should *not* be distributed. The meaning of any SSL certificate (even self-signed) is that it uniquely identifies the server. So, if we have a generic cert distributed with our packaging, we break that. We could not even generate a cert at the "build" stage of our server, because that would be included in the packages. If anybody needs to run OpenERP with SSL, they will need to generate the certificate at the target server, possibly using ssl-cert.cfg as a sample. Also, the "ssl" directory under bin/ would confuse some pythonic code that had tried to "import ssl" (eg. urllib.py). bzr revid: p_christ@hol.gr-20101123135844-nr8k78qrmlyn19xb --- bin/server.cert | 14 -------------- bin/server.pkey | 15 --------------- setup.py | 8 ++------ bin/ssl/cert.cfg => ssl-cert.cfg | 8 ++++---- 4 files changed, 6 insertions(+), 39 deletions(-) delete mode 100644 bin/server.cert delete mode 100644 bin/server.pkey rename bin/ssl/cert.cfg => ssl-cert.cfg (96%) diff --git a/bin/server.cert b/bin/server.cert deleted file mode 100644 index de04f1ca33d..00000000000 --- a/bin/server.cert +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICNDCCAZ0CAQEwDQYJKoZIhvcNAQEEBQAweTEQMA4GA1UEChMHVGlueUVSUDEM -MAoGA1UECxMDRVJQMRkwFwYJKoZIhvcNAQkBFgpmcEB0aW55LmJlMRAwDgYDVQQH -EwdXYWxoYWluMQswCQYDVQQIEwJCVzELMAkGA1UEBhMCQkUxEDAOBgNVBAMTB1Rp -bnlFUlAwHhcNMDYwNTI0MDgzODUxWhcNMDcwNTI0MDgzODUxWjBMMQswCQYDVQQG -EwJCRTELMAkGA1UECBMCQlcxEDAOBgNVBAoTB1RpbnlFUlAxDDAKBgNVBAsTA0VS -UDEQMA4GA1UEAxMHVGlueUVSUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA -xzIDlU2PrczPsgXtxCskYxuwMPgNCNSCBfWsUZ9nJzlZfRAEXEq4LxaTPIgkzkIF -82bmJLgFz6/CyCFid4mkBLQBj30Opp2Vco39WRncNKHKxbk+/wZpZtQ0bSpvf+F4 -MBqCLldYIqsoyenombVCb8X62IUu0ENF1wR22owvyKcCAwEAATANBgkqhkiG9w0B -AQQFAAOBgQB2yUqJ3gbQ8I6rcmaVJlcLDHfC5w1Jr1cUzcJevOPh3wygSZYYoUoe -yeYlzEag/DpPSHyRiJJVOKdiwU0yfmZPhfDNtDiBr47bz8qzIsYq5VeMmSeXrq/f -AA3iI4xE8YFzJHWtiBCqqyUok+j9pVad7iV7+UVIePHZLEkGGWIjDA== ------END CERTIFICATE----- diff --git a/bin/server.pkey b/bin/server.pkey deleted file mode 100644 index 1b1b7d63942..00000000000 --- a/bin/server.pkey +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDHMgOVTY+tzM+yBe3EKyRjG7Aw+A0I1IIF9axRn2cnOVl9EARc -SrgvFpM8iCTOQgXzZuYkuAXPr8LIIWJ3iaQEtAGPfQ6mnZVyjf1ZGdw0ocrFuT7/ -Bmlm1DRtKm9/4XgwGoIuV1giqyjJ6eiZtUJvxfrYhS7QQ0XXBHbajC/IpwIDAQAB -AoGAVwAxMHS/3FkoHckZICT3r5HYUosEpmaqo4+5w6yrkSYrP8RPI0A/UdG6XSXZ -bXzIvJakzkTRxPQvTtnF+A/V4rF9hxwB8cGXSywv5eDGmZ91qIsxY7Sv99VqSKNH -dNr9aZHloTvI51e/oramIJ/O3A+TbAS5i+u1DJC2IIFJcAECQQD8iRPTlPIqzjYD -Lg7KYGvwW9TE4ONAhC86kJbzV5o3amlV5duJgnkl/mNlfN1ihA7f3Gx9dfCjfRKp -V1rcjtCBAkEAye2aMw2v1m+MEqcPxyTUzVf5Y8BIXWbk15T43czXec9YclZSOBCX -Dgv4a3Fk+yxQUE0cZUH0U4FJq6mTgpuFJwJASFqZ9KATNlJ4xTZ4BGHV6zrUXkg0 -tDJrObNdnID37XKulW7TFLXuMgWNwvEgmO5POLJ13whglubp5tzhapn8gQJAJz9Z -U0b7wFAaB54VAP31ppvMy0iaSB0xqX05CdNAplpYtJB2lpMS6RYGiMuXdwJb8d+q -/ztcg8aDTSw+kYoszQJBAPBrt694VkGT1k9Be6e5wyVDrE05bkHhFxPk/HMeWMDX -sZqHPs9vVaLBqu/uU84FdwRMOV71RG90g6eUEl7HWsg= ------END RSA PRIVATE KEY----- diff --git a/setup.py b/setup.py index c1b348503a5..894c7f7c11e 100755 --- a/setup.py +++ b/setup.py @@ -103,9 +103,7 @@ def data_files(): files.append((root, [join(root, name) for name in names])) #for root, _, names in os.walk('pixmaps'): # files.append((root, [join(root, name) for name in names])) - files.append(('.', [join('bin', 'import_xml.rng'), - join('bin', 'server.pkey'), - join('bin', 'server.cert')])) + files.append(('.', [join('bin', 'import_xml.rng'),])) else: man_directory = join('share', 'man') files.append((join(man_directory, 'man1'), ['man/openerp-server.1'])) @@ -120,9 +118,7 @@ def data_files(): openerp_site_packages = join(get_python_lib(prefix=''), 'openerp-server') - files.append((openerp_site_packages, [join('bin', 'import_xml.rng'), - join('bin', 'server.pkey'), - join('bin', 'server.cert')])) + files.append((openerp_site_packages, [join('bin', 'import_xml.rng'),])) if sys.version_info[0:2] == (2,5): files.append((openerp_site_packages, [ join('python25-compat','BaseHTTPServer.py'), diff --git a/bin/ssl/cert.cfg b/ssl-cert.cfg similarity index 96% rename from bin/ssl/cert.cfg rename to ssl-cert.cfg index 8cab1eeb4ca..08ca7b5757e 100644 --- a/bin/ssl/cert.cfg +++ b/ssl-cert.cfg @@ -3,19 +3,19 @@ # DN options # The organization of the subject. -organization = "Acme inc." +organization = "Some organization." # The organizational unit of the subject. -unit = "dept." +unit = "ERP dept." # The locality of the subject. # locality = # The state of the certificate owner. -state = "Attiki" +state = "State" # The country of the subject. Two letter code. -country = GR +country = BE # The common name of the certificate owner. cn = "Some company"