Revision b544a3c2 lib/utils/security.py
| b/lib/utils/security.py | ||
|---|---|---|
| 23 | 23 |
""" |
| 24 | 24 |
|
| 25 | 25 |
import logging |
| 26 |
import OpenSSL |
|
| 27 |
|
|
| 28 |
from ganeti.utils import io |
|
| 29 |
from ganeti import pathutils |
|
| 26 | 30 |
|
| 27 | 31 |
|
| 28 | 32 |
def AddNodeToCandidateCerts(node_uuid, cert_digest, candidate_certs, |
| ... | ... | |
| 74 | 78 |
"candidate map." % node_uuid) |
| 75 | 79 |
return |
| 76 | 80 |
del candidate_certs[node_uuid] |
| 81 |
|
|
| 82 |
|
|
| 83 |
def GetClientCertificateDigest(cert_filename=pathutils.NODED_CERT_FILE): |
|
| 84 |
"""Reads the SSL certificate and returns the sha1 digest. |
|
| 85 |
|
|
| 86 |
""" |
|
| 87 |
# FIXME: This is supposed to read the client certificate, but |
|
| 88 |
# in this stage of the patch series there is no client certificate |
|
| 89 |
# yet, so we return the digest of the server certificate to get |
|
| 90 |
# the rest of the key management infrastructure running. |
|
| 91 |
cert_plain = io.ReadFile(cert_filename) |
|
| 92 |
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 93 |
cert_plain) |
|
| 94 |
return cert.digest("sha1")
|
|
Also available in: Unified diff