Statistics
| Branch: | Tag: | Revision:

root / test / py / ganeti.utils.security_unittest.py @ b4726cd7

History | View | Annotate | Download (4.1 kB)

# Date Author Comment
ab4b1cf2 02/14/2014 03:51 pm Helga Velroyen

Use node UUID as client certificate serial number

It turns out, that some implementations of OpenSSL are more
pedantic in checking the certficates than others. In this
particular case, the SSL connection could not be
established when the serial number of the certificates...
a6c43c02 12/20/2013 03:15 pm Helga Velroyen

Verify client certificates

This patch adds a step to 'gnt-cluster verify' to verify
the existence and validity of the nodes' client
certificates. Since this is a crucial point of the
security concept, the verification is very detailed with
expressive error messages and well tested by unit tests....
b3cc1646 12/20/2013 03:15 pm Helga Velroyen

Verify incoming RPCs against candidate map

From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call...
b544a3c2 12/20/2013 03:15 pm Helga Velroyen

Retrieve a node's certificate digest

In various cluster operations, the master node needs to
retrieve the digest of a node's SSL certificate. For this
purpose, we add an RPC call to retrieve the digest. The
function is designed in a general way to make it possible...
3338a9ce 12/20/2013 03:15 pm Helga Velroyen

Utility functions to manipulate the candidate map

This patch adds a couple of utility functions to manipulate
the map of master candidate SSL certificate digests.

Signed-off-by: Helga Velroyen <>
Reviewed-by: Hrvoje Ribicic <>