Change in vdsm[master]: vdsm-reg: use web server CA extracted from SSL handshake

[danken]

Dan Kenigsberg has submitted this change and it was merged.

Change subject: vdsm-reg: use web server CA extracted from SSL handshake
......................................................................


vdsm-reg: use web server CA extracted from SSL handshake

CURRENT IMPLEMENTATION

During registration, the CA certificate of the web server is downloaded
from ENGINE_URL/ca.crt

PROBLEM IN CURRENT IMPLEMENTATION

There is no way to separate between the CA of the engine that issues
certificates for vdsm and the web interface certificate.

JUSTIFICATION

Having 3rd party CA for web server certificate is required to meet
organization policy. The 3rd party CA may already be trusted so issuing
web server certificate using 3rd party CA makes deployment easier.

NEW IMPLEMENTATION

Acquire CA certificate from the TLS/SSL handshake.

Change-Id: Iab8727a167de19ac66712309868654ae00c9bf4d
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=863292
---
M vdsm.spec.in
M vdsm_reg/deployUtil.py.in
2 files changed, 59 insertions(+), 20 deletions(-)

Approvals:
  Alon Bar-Lev: Verified
  Dan Kenigsberg: Looks good to me, approved


--
To view, visit http://gerrit.ovirt.org/8386
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iab8727a167de19ac66712309868654ae00c9bf4d
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <dan...@redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
_______________________________________________
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches