[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change I9fe61354103b59dfd292740fbec35e9c6f5ef765
gerrit2 at review.openstack.org
Wed Apr 9 01:59:56 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/86206
Log:

commit 77a6ddc665e1dfc629a4034b6bb8094e6188ab98
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Tue Apr 8 20:52:27 2014 -0500

auth_token middleware hashes tokens with sha256

The auth_token middleware always hashed PKI Tokens with MD5. This
change makes it so that PKI tokens can be hashed with SHA256. This
is for security hardening.

Both SHA256 and MD5 will be tried when checking against the
revocation list. This will support identity servers that are not
configured for SHA256.

When storing the PKI token in the local cache, the sha256 hash will
always be used.

SecurityImpact
Closes-Bug: #1174499
Change-Id: I9fe61354103b59dfd292740fbec35e9c6f5ef765
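
The behaviour the commit message describes, as an added sketch that is not code from the patch or from python-keystoneclient: the revocation check tries both digests, while the local cache is keyed by SHA256 only. The function names, the dict cache, the verify callback and the choice to check revocation before the cache are assumptions of this example.

```python
import hashlib


def token_hashes(token):
    """Return [sha256_hex, md5_hex] for a token string."""
    data = token.encode("utf-8")
    return [hashlib.sha256(data).hexdigest(), hashlib.md5(data).hexdigest()]


def is_revoked(token, revoked_ids):
    """True if either digest is listed.

    A server not configured for SHA256 lists MD5 ids, so a SHA256-only
    lookup would silently miss its revocations.
    """
    return any(h in revoked_ids for h in token_hashes(token))


def validate(token, cache, revoked_ids, verify):
    """Return token data, or None if the token is revoked.

    cache: dict keyed by the SHA256 digest only (hypothetical local cache).
    verify: callable doing the expensive verification (hypothetical).
    """
    cache_key = token_hashes(token)[0]
    # Check revocation first so a token cached earlier cannot outlive
    # its revocation.
    if is_revoked(token, revoked_ids):
        cache.pop(cache_key, None)
        return None
    if cache_key in cache:
        return cache[cache_key]
    data = verify(token)
    cache[cache_key] = data
    return data


if __name__ == "__main__":
    token = "constructed-pki-token"  # constructed sample, not a real token
    sha256_id, md5_id = token_hashes(token)
    cache = {}
    print(validate(token, cache, set(), lambda t: {"user": "demo"}))
    print(sorted(cache) == [sha256_id])  # cache holds the SHA256 key only
    # Revocation list as published by a server still using MD5 ids.
    print(validate(token, cache, {md5_id}, lambda t: {"user": "demo"}))
```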