On Thu, Jun 25, 2015 at 05:32:31PM +0200, 'Helga Velroyen' via ganeti-devel wrote:
> This patch significantly changes the callback that is
> called upon receiving an incoming SSL connection. Since
> this callback is called not only with the certificate
> that the client sends, but also (in some implementations)
> with the entire certificate chain of the client
> certificate.
>
> In our case, the certificate chain contains
> the client certificate and the server certificate as
> the one that signed the client certificate. This means
> that we have to accept the server certificate, but only
> if we receive it with the 'depth' greater than 0, meaning
> that this is part of the chain and not the actual
> certificate. If the depth value is 0, we can be sure
> to have received the actual certificate and match it
> against the list of master candidate certificates as
> before.
>
> Signed-off-by: Helga Velroyen <[email protected]>
> ---
> lib/server/noded.py | 51 +++++++++++++++++++++++++++++++++++++++------------
> 1 file changed, 39 insertions(+), 12 deletions(-)

LGTM

--
Klaus Aehlig
Google Germany GmbH, Dienerstr. 12, 80331 Muenchen
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
Managing directors: Graham Law, Christine Elizabeth Flores
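
The depth rule described in the quoted commit message, as an added example that is not part of the patch or of Ganeti's code: a model of the verify callback that works on certificate digests instead of pyOpenSSL objects. The function names, the digest strings and the handling of the `ok` flag are assumptions made for the illustration.

```python
# Added illustration; not Ganeti's noded.py. Certificates are represented
# by constructed digest strings so the model runs without pyOpenSSL.

def make_verify_callback(server_digest, candidate_digests):
    """Build a callback applying the depth rule from the commit message.

    server_digest: digest of this node's server certificate (assumed name).
    candidate_digests: digests of the master candidate client certificates.
    """
    candidates = frozenset(candidate_digests)

    def verify(digest, depth, ok=True):
        # Assumption: a certificate that failed the library's own checks
        # is never accepted, whatever its position in the chain.
        if not ok:
            return False
        if depth > 0:
            # Chain element: only the signing server certificate is expected.
            return digest == server_digest
        # depth == 0: the actual client certificate, matched as before.
        return digest in candidates

    return verify


def handshake_accepts(verify, chain):
    """Call verify once per chain entry, as the SSL library does.

    chain lists digests leaf first, so the index equals the depth; the
    callbacks are issued from the highest depth down to the leaf.
    """
    if not chain:
        return False
    return all(verify(chain[depth], depth)
               for depth in range(len(chain) - 1, -1, -1))


# Constructed sample digests.
SERVER = "aa:01"
CANDIDATE = "bb:02"
OUTSIDER = "cc:03"
verify_cb = make_verify_callback(SERVER, [CANDIDATE])
```

The case to check after a change like this is the server certificate presented on its own at depth 0: it must be rejected unless it is also in the candidate list.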
