From 8e8a020f8d2476cca321349fa24db4bee95270d8 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Thu, 20 Mar 2014 09:34:53 +0100
Subject: [PATCH] Proxy PKI clone /ca/ee/ca/profileSubmit URI

PKI change done in ticket https://fedorahosted.org/pki/ticket/816
requires the PKI Clone's SSL Server certificate to be issued by
it's associated PKI master.

Allow this call on IPA master.

https://fedorahosted.org/freeipa/ticket/4265

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 install/conf/ipa-pki-proxy.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf
index 6f0463242b75a58cf63a38e62c23fa372aeacf64..224cdd45b5b5f72671a179570fd15772fe8cfaab 100644
--- a/install/conf/ipa-pki-proxy.conf
+++ b/install/conf/ipa-pki-proxy.conf
@@ -1,9 +1,9 @@
-# VERSION 3 - DO NOT REMOVE THIS LINE
+# VERSION 4 - DO NOT REMOVE THIS LINE
 
 ProxyRequests Off
 
 # matches for ee port
-<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange|^/ca/ee/ca/getCRL">
+<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange|^/ca/ee/ca/getCRL|^/ca/ee/ca/profileSubmit">
     NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
     NSSVerifyClient none
     ProxyPassMatch ajp://localhost:$DOGTAG_PORT
-- 
1.8.5.3