[Openstack-security] [openstack/cursive] SecurityImpact review request change I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
gerrit2 at review.openstack.org
Thu Aug 18 13:15:07 UTC 2016
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/357202
Log:
commit 077ac1896decbd738ac83dff28b5ad882274038c
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date: Thu Aug 18 08:50:38 2016 -0400

Add certificate validation

This change adds support for a certificate trust store. When
performing signature verification, all certificates in the trust
store are loaded into a certificate verification context. This
context is used to validate the signing certificate, verifying
that the certificate belongs to a valid certificate chain rooted
in the trust store.

The get_verifier function is updated to accept an additional,
optional parameter: trust_store_path. This parameter should
contain a valid filesystem path to the directory acting as the
certificate trust store. If not provided, it defaults to None
and the trust store will be considered empty.

For more information on this work, see the spec:
https://review.openstack.org/#/c/357151/

SecurityImpact
DocImpact

Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
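
A sketch of the kind of check the commit message above describes, added here as an example; it is not code from cursive or from the patch under review. The helper names (load_trust_store, is_trusted, make_cert, demo) and the constructed certificates are assumptions, and the code relies on the Python cryptography package. It covers only a signing certificate issued directly by a trust-store certificate with an EC key, leaves out validity-period, CA-constraint and revocation checks, and treats an empty trust store as "nothing validates".

```python
import datetime, pathlib, tempfile
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def load_trust_store(trust_store_path=None):
    """Load every PEM certificate in the directory; None means an empty store."""
    if trust_store_path is None:
        return []
    files = sorted(pathlib.Path(trust_store_path).iterdir())
    return [x509.load_pem_x509_certificate(p.read_bytes()) for p in files]

def is_trusted(cert, trust_store_path=None):
    """Hypothetical helper: True only if a trust-store key signed cert."""
    for ca in load_trust_store(trust_store_path):
        if ca.subject != cert.issuer:
            continue
        try:  # a matching issuer name is not enough: verify the signature
            ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
            return True
        except InvalidSignature:
            continue
    return False

def make_cert(subject_cn, key, issuer_cn, issuer_key):
    """Build a constructed one-day test certificate (EC P-256, SHA-256)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))

def demo():
    """Return results for (genuine cert, forged issuer, no trust store)."""
    ca_key, rogue_key, leaf_key = (
        ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    root = make_cert("Constructed Root", ca_key, "Constructed Root", ca_key)
    good = make_cert("signer", leaf_key, "Constructed Root", ca_key)
    forged = make_cert("signer", leaf_key, "Constructed Root", rogue_key)
    with tempfile.TemporaryDirectory() as store:
        pathlib.Path(store, "root.pem").write_bytes(
            root.public_bytes(serialization.Encoding.PEM))
        return (is_trusted(good, store), is_trusted(forged, store), is_trusted(good))
```

The forged certificate carries the trusted issuer's name but is signed by a different key, so it is rejected; the third result shows the same genuine certificate failing when no trust store path is given.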