ssl: use system certificates

Rely on system certificates instead of pinning them. On Arch Linux, copy the certificate over to /etc/ca-certificates/trust-source/anchors and run trust extract-compat Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de>
2024-12-30 13:41:50 +01:00 · 2018-10-06 03:25:48 +02:00 · 2018-10-06 03:25:48 +02:00 · be33bb71ce
commit be33bb71ce
parent 6a5987e7cb
2 changed files with 0 additions and 35 deletions
--- a/2
+++ b/2
@ -83,8 +83,6 @@ html_title = '%s (%s - v%s)' % (title, __status__, __version__)

 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
 ldap.set_option(ldap.OPT_REFERRALS, 0)
-if 'LDAP_CA' in webapp.config.keys():
-    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, webapp.config.get('LDAP_CA'))

 ldap_uri = webapp.config.get('LDAP_URI')
 ldap_binddn = webapp.config.get('LDAP_BINDDN')
--- a/ssl/BKCA.crt
+++ b/ssl/BKCA.crt
@ -1,33 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFuTCCA6GgAwIBAgIJANVP+EmgIyEFMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
-BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRMwEQYDVQQHDApSZWdlbnNidXJnMRww
-GgYDVQQKDBNCaW5hcnkgS2l0Y2hlbiBlLlYuMR8wHQYDVQQDDBZCaW5hcnkgS2l0
-Y2hlbiBSb290IENBMB4XDTE1MDUyMjA3MDcyN1oXDTI1MDUxOTA3MDcyN1owczEL
-MAkGA1UEBhMCREUxEDAOBgNVBAgMB0JhdmFyaWExEzARBgNVBAcMClJlZ2Vuc2J1
-cmcxHDAaBgNVBAoME0JpbmFyeSBLaXRjaGVuIGUuVi4xHzAdBgNVBAMMFkJpbmFy
-eSBLaXRjaGVuIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQCwBmbxYSdTH+Ti2UdjpLRbSjA4uMRjJpVus0IviOtjr5nbfx/uA4b+UuhU0FS6
-69vjuBeheu85SCQLZVA3If2qttlBNPvW8/WzQtmHqAK4jMGTIeD5PNH75bhIafMu
-LWz5nRcagWoKVeumi9dhFofuoO6uSv1BdSbwK3gYkt5guKl5Pio9HITSFP961ndQ
-n6dBLPvy4m+pJ6MZxhzaQIvxRr9uVRJieHH9Yl/CQcl2d1YQ24/KNiFFdF2NPyKE
-+eFl8UWl/6sHS8tqLwhs4qeJCL1ir/1bjr8mZigflBE4mwtuV8EDF0pWWOyYehii
-NLcS3LfLzv25N9mwhwGMJqLTDihtkcBCNx3c2qFrri1MvXy/KFrHKh2jt9pvgYDX
-M2+g+tm+aWXfylu6k1GOIByT5ALktUzhfwuxk0SdplZNUqSfu1DccvxP9hbtSZPP
-EnARbcTD/wOCSDj+nSG8scUIo3pNHddh0zx+W16kwBoNGHJX+g7vkMJikvYlHo2i
-6CRdx47MknCgj/jQSPlajxAH5zzDcABbFRoRKh/esDEeGaKMKVyKJJFlx4CmHQ53
-zc/jV3VjQo5yL1v3YUYllccZeXmGQb5UJoSRfpE+mvO9+EYAxWLydswNeQI1f1r8
-CTWlD4tT0gooZzGKpw58Zp3IacXIzjDT5Ri2xfB+Oo4WaQIDAQABo1AwTjAdBgNV
-HQ4EFgQU7MXazC3sn6xTIDkKtBv4AvYcob0wHwYDVR0jBBgwFoAU7MXazC3sn6xT
-IDkKtBv4AvYcob0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAq/fD
-BfaVi1KjRANxHKXmADqN0UpSdVoB2qKsj9nJ07fdS38rUqA+QjU+zmCufVkmMxKf
-es3qZz5fOHkVHAiOt65XWFtYK62JByr4LomLDVDWSM4BmbU4aB8ix9ZPOr+NmB4B
-QX99w0aMknO/ohVQ7InubgsXMaKA8kggCtpBQkfwcF2ntIGvyeuPJYwAWG19iH4a
-uAvOdgyDCuta6UI5UPCdYdArFv3hn6+ht60tMdxo1qq9KUlyqZ3AX1Xd4+krLlCI
-Kp+qfcyJ1igD5wT50egOAvc9SydFaXgAUIjt3oY5YYvP+MWmVMI107jl4jfMnQeI
-G5qIEy9luhrjqJaHfLHyT10IaU/uZB7ZvZx7ElIo1YlTlIcMU8Wg6CJponDh/1aw
-PbQhtuzk60N5905zDnpSHJSa91JcpVsLPv2ykQfimA8HNH2xS7ORXUJzwvEB1vhM
-KnGMQB0px7HQtTTCKcDFeqZXygi4nXNygrp+swnO869jV4e6ReeV/RB7nxjd307J
-gpRdtBbIambnFP74nJUhRk/60VlCDz92f+CTosHM6rdlOxFyX69cZZhoCFU5u4wF
-ODqfxRzNJPhChozXcciAcLfhx89x0ob92XQenzZzFtylDvUAskhdhTMFLKGHstH7
-Q8Xr0jNYp5PaGNC5m+m9ngLYe6GzxGol7dLJElc=
-----END CERTIFICATE-----