osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [openstack/cursive] SecurityImpact review request change openstack%2Fcursive~master~I8d7f43fb4c0573ac3681147eac213b369bbbcb3b


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/357202

Log:
commit ad879a1fbccfa31fdedd69e3193e9bf12a15f943
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date:   Thu Aug 18 08:50:38 2016 -0400

    Add certificate validation
    
    This change adds support for certificate validation, including
    certificate inspection utilities. Validating a certificate
    requires the certificate UUID of the certificate to validate,
    a set of UUIDs corresponding to the set of trusted certificates
    needed to validate the certificate, and a user context for
    authentication to the key manager. A new certificate verification
    context is included that is used to store the set of trusted
    certificates once they are loaded from the key manager. This
    context is used to validate the signing certificate, verifying
    that the certificate belongs to a valid certificate chain rooted
    in the set of trusted certificates.
    
    All new certificate utility code is added in a new module named
    certificate_utils.
    
    For more information on this work, see the spec:
    https://review.openstack.org/#/c/488541/
    
    SecurityImpact
    DocImpact
    
    Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
    Implements: blueprint nova-validate-certificates