From 714fc09d7a17cd52c71a64a41c757f373729422d Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Mon, 28 Nov 2016 11:57:59 +0000
Subject: [PATCH] Disable SSL auth for stg distgit

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/distgit/templates/lookaside-upload.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/distgit/templates/lookaside-upload.conf b/roles/distgit/templates/lookaside-upload.conf
index 1fd5f3cd8c..48b8dfd449 100644
--- a/roles/distgit/templates/lookaside-upload.conf
+++ b/roles/distgit/templates/lookaside-upload.conf
@@ -50,15 +50,18 @@ SSLCryptoDevice builtin
 
        Options +ExecCGI
 
+{% if env == "production" %}
        SSLVerifyClient optional
        SSLVerifyDepth 1
        SSLOptions +StrictRequire +StdEnvVars +OptRenegotiate
+{% endif %}
 
        AuthType GSSAPI
        GssapiSSLonly On
        AuthName "GSSAPI Single Sign On Login"
        GssapiCredStore keytab:/etc/httpd.keytab
 
+{% if env == "production" %}
        SetEnvIfExpr "%{SSL_CLIENT_S_DN_O} == 'Fedora Project'" cert_s_o_valid
        SetEnvIfExpr "%{SSL_CLIENT_S_DN_OU} == 'Fedora User Cert'" cert_s_ou_valid
        SetEnvIfExpr "%{SSL_CLIENT_I_DN_O} == 'Fedora Project'" cert_i_o_valid
@@ -73,6 +76,9 @@ SSLCryptoDevice builtin
            </RequireAll>
            Require valid-user
        </RequireAny>
+{% else %}
+       Require valid-user
+{% endif %}
     </Location>
 
 </VirtualHost>