Statistics
| Branch: | Tag: | Revision:

root / test @ 9b85ede9

Name Size
  autotools
  data
  hs
  py

Latest revisions

# Date Author Comment
9b85ede9 01/13/2014 12:08 pm Klaus Aehlig

Add utility to compare versions

This will be needed, e.g., for post-upgrade task, as they
have to decide whether a feature was not yet present at
the version started from.

Signed-off-by: Klaus Aehlig <>
Reviewed-by: Hrvoje Ribicic <>

a6c43c02 12/20/2013 03:15 pm Helga Velroyen

Verify client certificates

This patch adds a step to 'gnt-cluster verify' to verify
the existence and validity of the nodes' client
certificates. Since this is a crucial point of the
security concept, the verification is very detailed with
expressive error messages and well tested by unit tests....

b3cc1646 12/20/2013 03:15 pm Helga Velroyen

Verify incoming RPCs against candidate map

From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call...

d722af8b 12/20/2013 03:15 pm Helga Velroyen

Extend RPC call to create SSL certificates

So far the RPC call 'node_crypto_tokens' did only retrieve
the certificate digest of an existing certificate. This
call is now enhanced to also create a new certificate and
return the respective digest. This will be used in various...

840ad2ab 12/20/2013 03:15 pm Helga Velroyen

Handle client certificates on node add/remove

This patch adds the certificate of a newly added or
readded master candidate node to the map of master candidate
certificates. It removes a master candidate node's certificate
digest from the candidate certificate map if the node is...

5b6f9e35 12/20/2013 03:15 pm Helga Velroyen

Add certificate for master node

On cluster initialization, the master node's
SSL certificate digest is added to the list of master
candidate certificates.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

3bcf2140 12/20/2013 03:15 pm Helga Velroyen

Add candiate certificate map to configuration

At the end of this patch series, incoming RPC calls are
legitimized against a map of master candidate nodes'
SSL certificate digests. This patch adds the map itself
to the cluster's configuration.

Signed-off-by: Helga Velroyen <>...

b544a3c2 12/20/2013 03:15 pm Helga Velroyen

Retrieve a node's certificate digest

In various cluster operations, the master node needs to
retrieve the digest of a node's SSL certificate. For this
purpose, we add an RPC call to retrieve the digest. The
function is designed in a general way to make it possible...

3338a9ce 12/20/2013 03:15 pm Helga Velroyen

Utility functions to manipulate the candidate map

This patch adds a couple of utility functions to manipulate
the map of master candidate SSL certificate digests.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

c1cf0435 12/20/2013 03:15 pm Helga Velroyen

Remove superfluous imports

This removes some superfluous imports from the X509 (SSL)
unittests.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>

View revisions

Also available in: Atom