Package: freedombox-setup Severity: wishlist Tags: patch We will need to switch from mod_ssl to mod_gnutls to (eventually) enable PGP client certificate authentication. Not all of the required pieces are available yet. However, I suggest we can make the switch to mod_gnutls now, so we can thoroughly test it integrated with the rest of FreedomBox.
This change also requires a small workaround for plinth's ssl configuration. I made a pull request for that change: https://github.com/freedombox/Plinth/pull/223 -- James
From 902e8947d23a4d5e234e2b3d30e152180d499b65 Mon Sep 17 00:00:00 2001
From: James Valleroy <jvalle...@mailbox.org>
Date: Tue, 8 Sep 2015 20:44:45 -0400
Subject: [PATCH] Switch from mod_ssl to mod_gnutls.
---
debian/control | 1 +
setup.d/90_apache2 | 8 +++++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/debian/control b/debian/control
index a300bcd..4c96fbc 100644
--- a/debian/control
+++ b/debian/control
@@ -45,6 +45,7 @@ Depends: ${misc:Depends}
, iptables
, iputils-ping
, iw
+ , libapache2-mod-gnutls
, libnss-gw-name
, libnss-mdns
, libnss-myhostname
diff --git a/setup.d/90_apache2 b/setup.d/90_apache2
index 4fd7dc1..8c75f0e 100755
--- a/setup.d/90_apache2
+++ b/setup.d/90_apache2
@@ -13,8 +13,9 @@ a2enmod mpm_prefork
# enable miscellaneous modules.
a2enmod rewrite
-# enable SSL
-a2enmod ssl
+# enable GnuTLS
+a2dismod ssl
+a2enmod gnutls
# enable mod_alias for RedirectMatch
a2enmod alias
@@ -26,6 +27,7 @@ a2enmod headers
a2enconf freedombox
a2ensite 000-default
-a2ensite default-ssl
+a2dissite default-ssl
+a2ensite default-tls
echo "Done configuring Apache."
--
2.5.1
signature.asc
Description: OpenPGP digital signature
