[Openstack-security] [openstack/cursive] SecurityImpact review request change I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Aug 18 13:13:19 UTC 2016
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/357202
Log:
commit 97baff182e2d742dff8061aa31489352b410a481
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date: Thu Aug 18 08:50:38 2016 -0400
Add certificate validation
This change adds support for a certificate trust store. When
performing signature verification, all certificates in the trust
store are loaded into a certificate verification context. This
context is used to validate the signing certificate, verifying
that the certificate belongs to a valid certificate chain rooted
in the trust store.
The get_verifier function is updated to accept an additional,
optional parameter: trust_store_path. This parameter should
contain a valid filesystem path to the directory acting as the
certificate trust store. If not provided, it defaults to None
and the trust store will be considered empty.
SecurityImpact
DocImpact
Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
More information about the Openstack-security
mailing list