[openstack-dev] [Neutron] Representing PEM Format file as string
rajesh.mlists at gmail.com
Mon Jan 27 19:36:33 UTC 2014
I did not know that we could give files names. Since we had String in the
database, I assumed we need to give string as input.
I guess, the neutron client will convert the file to string and then call
the API. That should work. Thanks for the clarification.
On Mon, Jan 27, 2014 at 10:49 AM, Nachi Ueno <nachi at ntti3.com> wrote:
> Hi Rajesh
> May I ask why we need single line representation of PEM format?
> For CLI, we will use file_name as same as nova keypair-add.
> We won't specify PEM on the URL.
> 2014-01-27 Rajesh Mohan <rajesh.mlists at gmail.com>:
> > Thanks John.
> > My initial approach is similar to Keystone's. This is mainly to unblock
> > from making progress on the driver. Nachi is doing the API part. I will
> > discuss with him to explore other options.
> > Can you send us the link to your review?
> > Thanks,
> > -Rajesh Mohan
> > On Mon, Jan 27, 2014 at 6:00 AM, John Dennis <jdennis at redhat.com> wrote:
> >> On 01/26/2014 05:36 PM, Rajesh_Mohan3 at Dell.com wrote:
> >> > I am working on SSL VPN BP.
> >> >
> >> > CA certificate is one of the resources. We decided to use PEM
> >> > certificates. It is multi-line string
> >> >
> >> > 1 -----BEGIN CERTIFICATE-----
> >> > 2 MIID3TCCA0agAwIBAgIJAKRWnul3NJnrMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD
> >> > <snip>
> >> > 21 0vO728pEcn6QtOpU7ZjEv8JLKRHwyq8kwd8gKMflWZRng4R2dj3cdd24oYJxn5HW
> >> > 22 atXnq+N9H9dFgMfw5NNefwJrZ3zAE6mu0bAIoXVsKT2S
> >> > 23 -----END CERTIFICATE-----
> >> >
> >> > Is there a standard way to represent this as single line string? Maybe
> >> > there is some other project that passes certificates on command
> >> >
> >> > I am looking for some accepted way to represent PEM formatted file on
> >> > command line.
> >> >
> >> > I am thinking of concatenating all lines into single string and
> >> > rebuilding the file when configuration file is generated.Will we hit
> any CLI
> >> > size limitations if we pass long strings.
> >> In general PEM formatted certificates and other X509 binary data objects
> >> should be exchanged in the original PEM format for interoperabilty
> >> purposes. For command line tools it's best to pass PEM objects via a
> >> filename.
> >> However, having said that there is at least one place in Openstack which
> >> passes PEM data via a HTTP header and/or URL, it's the Keystone token id
> >> which is a binary CMS object normally exchanged in PEM format. Keystone
> >> strips the PEM header and footer, strips line endings and modifies one
> >> of the base64 alphabet characters which was incompatible with HTTP and
> >> URL encoding. However what keystone was doing was not correct and in
> >> fact did not follow an existing RFC (e.g. URL safe base64).
> >> I fixed these problems and in the process wrote two small Python modules
> >> base64utils and pemutils to do PEM transformations correctly (plus
> >> general utilities for working with base64 and PEM data). These were
> >> submitted to both keystone and oslo, Oslo on the assumption they should
> >> be general purpose utilities available to all of openstack. I believe
> >> these have languished in review purgatory, because I was pulled off to
> >> work on other issues I haven't had the time to babysit the review.
> >> --
> >> John
> >> _______________________________________________
> >> OpenStack-dev mailing list
> >> OpenStack-dev at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev