Statistics
| Branch: | Tag: | Revision:

root / lib / utils / x509.py @ eac9b7b8

History | View | Annotate | Download (12.3 kB)

# Date Author Comment
0602cef3 12/03/2012 04:33 pm Michael Hanselmann

Factorize code for checking node daemon certificate

This code is going to be used by a new utility for setting up the node
daemon. Unit tests are updated/added.

Additionally, the certificate and key stored in “server.pem” are
verified, too.

Signed-off-by: Michael Hanselmann <>...

86b9a385 11/30/2012 11:44 am Michael Hanselmann

Fix breakage introduced in commit a8b3b09

The order of the calls to “ctx.use_privatekey” and “ctx.use_certificate”
was wrong, leading to an exception being thrown.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Guido Trotter <>

a8b3b09d 11/30/2012 10:51 am Michael Hanselmann

Factorize SSL context setup for certificate check

This code will also be used by the node daemon setup utility.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Helga Velroyen <>

6b96df59 10/26/2012 03:37 pm Michael Hanselmann

utils.x509: Factorize code to extract X509 certificate

This will be useful in “gnt-node add”.

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>

f97a7ada 05/09/2012 12:12 pm Iustin Pop

Allow clock skews in certificate verification

Currently we allow for up to NODE_MAX_CLOCK_SKEW time difference
between nodes in some operations, but not everywhere: SSL certificate
verification (import/export, both intra and inter-cluster) has a zero
limit (downwards), and a week upwards. This can cause even...

b6267745 09/20/2011 05:04 pm Andrea Spadaccini

Implementation of TLS-protected SPICE connections

Added support for TLS-protected SPICE connections:

client/gnt_cluster.py, cli.py:
  • added three new parameters to renew-crypto (--new-spice-certificate,
    --spice-certificate, --spice-ca-certificate) and their validation....
a3d32770 01/18/2011 01:47 pm Iustin Pop

Rename OpVerifyCluster and LUVerifyCluster

Signed-off-by: Iustin Pop <>
Reviewed-by: René Nussbaumer <>

c50645c0 01/11/2011 04:25 pm Michael Hanselmann

utils: Move X509-related code into separate file

Signed-off-by: Michael Hanselmann <>
Reviewed-by: Iustin Pop <>