← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #58802

[Bug 1638152] Re: vpn should support different auth algorithm for different driver

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/393702
Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
Submitter: Jenkins
Branch:    master

commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
Author: Dongcan Ye <hellochosen@xxxxxxxxx>
Date:   Fri Nov 4 18:43:32 2016 +0800

    Add sha384 and sha512 auth algorithms for vendor drivers
    
    Currently, VPNaaS limits the IPSec and IKE auth algorithm to
    "sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway),
    and the new driver supports more auth algorithms, such as "sha2-384",
    "sha2-512", it can not integrated with current VPNaaS plugin.
    
    This patch add "sha384" and "sha512" auth algorithms in API and DB side,
    Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't
    support these, so we add a validator in ipsec and Cisco CSR service driver,
    that will raise an exception when creating or updating the IPSec/IKE Policy
    auth algorithm with "sha384" and "sha512".
    Other vendors can bypass validate ike_policy and ipsec_policy
    when creating and updating auth_algorithm, or implement specific
    logic for themselves.
    
    DocImpact
    APIImpact
    NOTE: CLI support also needs change.
    
    Closes-Bug: #1638152
    Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1638152

Title:
  vpn should support different auth algorithm for different driver

Status in neutron:
  Fix Released

Bug description:
  Currently, vpnaas plugin limits the ipsec and ike auth algorithm to
  "sha1" and "sha256", if user add a new driver (for example, hardware
  vpn gateway), and the new driver supports more auth algorithm, such as
  "sha2-384", "sha2-512", it can not integrated with current vpnaas
  plugin.

  It is necessary to support different auth algorithm for different
  drivers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1638152/+subscriptions

References

  Thread PreviousDate PreviousThread Next