openstack team mailing list archive

Re: keystone and ssl ?

 

The basic support for SSL has been re-added to Keystone earlier this release cycle, although there are still a few pieces trickling through the pipeline (recent updates to keystone client to allow for self-signed certs).

It needs testing, and I don't know that we yet have good deployment option docs (there are several options there) on how to deploy keystone with SSL.

The option to use a signed SSL cert as an authenticated "administrative" request itself has not been re-added; instead, there was more interest from developers doing the code to focus on getting a base PKI implementation to allow for generically signed tokens in this release.

- joe

On Aug 3, 2012, at 9:13 AM, Jay Pipes <jaypipes@xxxxxxxxx> wrote:
> On 08/03/2012 05:18 AM, Pierre Amadio wrote:
> <snip>
>> https://blueprints.launchpad.net/keystone/+spec/2-way-ssl
>> 
>> At the bottom of the blueprint, there are 2 "addressed by" links with a
>> set of patches:
>> 
>> https://review.openstack.org/1038
>> https://review.openstack.org/7706
>> 
>> But I do not find trace of those patches in the ubuntu package
> <snip>
>> 
>> I also fail to find trace of those in a git checkout of the
>> refs/heads/stable/essex branch of keystone's git repository.
>> 
>> I am confused.
> 
> The reason is because that code and a bunch of other stuff was ripped
> out of Keystone late in the Essex release series with the move to
> "Keystone Light", which was essentially a rewrite of Keystone that
> replaced the Keystone project that had the code in it that you refer to
> above.
> 
> I've cc'd Joe Heck to give you some information on when SSL support
> might be re-added to Keystone.
> 
> Best,
> -jay

