This change adds support for certificate validation, including
certificate inspection utilities. Validating a certificate
requires the certificate UUID of the certificate to validate,
a set of UUIDs corresponding to the set of trusted certificates
needed to validate the certificate, and a user context for
authentication to the key manager. A new certificate verification
context is included that is used to store the set of trusted
certificates once they are loaded from the key manager. This
context is used to validate the signing certificate, verifying
that the certificate belongs to a valid certificate chain rooted
in the set of trusted certificates.
All new certificate utility code is added in a new module named
certificate_utils.
For more information on this work, see the spec:
https://review.openstack.org/#/c/488541/
SecurityImpact
DocImpact
Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
Implements: blueprint nova-validate-certificates
Releasenote translation publishing is being prepared. 'locale_dirs'
needs to be defined in conf.py to generate translated version of the
release notes.
Note that this repository might not get translated release notes - or
no translations at all - but we add the entry here nevertheless to
prepare for it.
Change-Id: Ie8e2150f98f5fd6e97e38d776fc1ae95f1fafbe4
tox -e releasenotes fails with:
Warning, treated as error:
WARNING: html_static_path entry
u'/home/aj/vcs/OpenStack/openstack/cursive/releasenotes/source/_static'
does not exist
Add missing directory - like done on similar projects -,
using a placeholder to make git happy.
Also, add build directory to .gitignore.
Remove .placeholder from .gitignore, those files are important!
Change-Id: I20d9881975eb491f6a977ae2de9406e64a659ca9