The basic support for SSL has been readded to Keystone earlier this release cycle, alough theres still a few pieces trickling through the pipeline (recent updates to keystone client to allow for self-signed certs).
It needs testing, and I dont know that we yet have good deployment option docs (there are several options there) on how to deploy keystone with SSL. The option to use a signed SSL cert as an authenticated "administrative" request itself has not been re-added, instead there was more interest from developers doing the code to focus on getting a base PKI implementation to allow for generically signed tokens in this release. - joe On Aug 3, 2012, at 9:13 AM, Jay Pipes <jaypi...@gmail.com> wrote: > On 08/03/2012 05:18 AM, Pierre Amadio wrote: > <snip> >> https://blueprints.launchpad.net/keystone/+spec/2-way-ssl >> >> At the bottom of the blueprint, there are 2 "addressed by" links with a >> set of patches: >> >> https://review.openstack.org/1038 >> https://review.openstack.org/7706 >> >> But i do not find trace of those patches in the ubuntu package > <snip> >> >> I also fail to find trace of those in a git checkout of the >> refs/heads/stable/essex branch of keystone's git repository. >> >> I am confused. > > The reason is because that code and a bunch of other stuff was ripped > out of Keystone late in the Essex release series with the move to > "Keystone Light", which was essentially a rewrite of Keystone that > replaced the Keystone project that had the code in it that you refer to > above. > > I've cc'd Joe Heck to give you some information on when SSL support > might be re-added to Keystone. > > Best, > -jay _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp