[Openstack-security] [openstack/cursive] SecurityImpact review request change I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
gerrit2 at review.openstack.org
Mon Sep 26 19:40:54 UTC 2016
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/357202
Log:
commit b51b8e36ff8127abc1429b05c5e7c14b69f88afb
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date: Thu Aug 18 08:50:38 2016 -0400
Add certificate validation

This change adds support for a certificate trust store. When
performing signature verification, all certificates in the trust
store are loaded into a certificate verification context. This
context is used to validate the signing certificate, verifying
that the certificate belongs to a valid certificate chain rooted
in the trust store.

The signature_utils.get_verifier function is updated to accept
an additional, optional parameter: trust_store_path. This
parameter should contain a valid filesystem path to the
directory acting as the certificate trust store. If not
provided, it defaults to None and the trust store will be
considered empty.

All new certificate utility code is added in a new module named
certificate_utils.

For more information on this work, see the spec:
https://review.openstack.org/#/c/357151/

SecurityImpact
DocImpact
Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
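
The check the commit message describes (a directory trust store, empty when no path is given, and a signing certificate accepted only if it chains to a root in that store), as an added example that is not cursive's code. It assumes the Python `cryptography` package and EC-signed certificates; every function name is hypothetical, the certificates are constructed sample data, and revocation and name or path-length constraints are not checked.

```python
# Added illustration, not cursive's certificate_utils; function names are hypothetical.
import datetime as dt
from pathlib import Path
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW, DAY = dt.datetime.now(dt.timezone.utc), dt.timedelta(days=1)

def make_cert(cn, key, issuer_cn, issuer_key, ca, start=NOW - DAY):
    """Constructed sample data: an EC certificate valid for two days."""
    def name(s):
        return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    b = x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
    b = b.public_key(key.public_key()).serial_number(x509.random_serial_number())
    b = b.not_valid_before(start).not_valid_after(start + 2 * DAY)
    b = b.add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
    return b.sign(issuer_key, hashes.SHA256())

def load_store(trust_store_path=None):
    """Load every PEM file in the directory; no path means an empty store."""
    files = sorted(Path(trust_store_path).iterdir()) if trust_store_path else []
    return [x509.load_pem_x509_certificate(f.read_bytes()) for f in files]

def in_window(cert):
    """Validity period check; older cryptography only has naive-UTC fields."""
    if hasattr(cert, "not_valid_after_utc"):  # cryptography >= 42
        return cert.not_valid_before_utc <= NOW <= cert.not_valid_after_utc
    return cert.not_valid_before <= NOW.replace(tzinfo=None) <= cert.not_valid_after

def signed_by(cert, issuer):
    """True if issuer is a CA whose EC key produced cert's signature."""
    try:
        bc = issuer.extensions.get_extension_for_class(x509.BasicConstraints)
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
    except (x509.ExtensionNotFound, InvalidSignature):
        return False
    return bc.value.ca and cert.issuer == issuer.subject

def chains_to_store(cert, store, depth=4):
    """Follow issuer links through the store until a self-signed root."""
    if depth == 0 or not in_window(cert):
        return False
    return any(in_window(ca) and signed_by(cert, ca) and
               (signed_by(ca, ca) or chains_to_store(ca, store, depth - 1))
               for ca in store)
```

Matching on issuer name alone would accept a certificate issued by a different key that reuses the root's subject; `signed_by` rejects that case because the signature is verified against the stored certificate's public key.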