← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #59153

[Bug 1642428] Re: Add sha384 and sha512 auth algorithms for vendor drivers

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/400827
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=ef5be1fd1abe2d40638df8e4070674d4ec591385
Submitter: Jenkins
Branch:    master

commit ef5be1fd1abe2d40638df8e4070674d4ec591385
Author: Darla Ahlert <da741q@xxxxxxx>
Date:   Tue Nov 22 09:32:52 2016 -0600

    [doc]Add sha256, sha384 and sha512 auth algorithms
    
    https://review.openstack.org/#/c/393702/ adds sha284 and sha512
    auth algorithms for vendor drivers. This commit adds these auth
    algorithms as options in the API documentation.
    
    Change-Id: I19182dbe82b89c4fa83cb93864daf47210d6c85b
    Closes-bug: 1642428


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1642428

Title:
      Add sha384 and sha512 auth algorithms for vendor drivers

Status in neutron:
  Fix Released

Bug description:
  https://review.openstack.org/393702
  Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.

  commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
  Author: Dongcan Ye <hellochosen@xxxxxxxxx>
  Date:   Fri Nov 4 18:43:32 2016 +0800

      Add sha384 and sha512 auth algorithms for vendor drivers
      
      Currently, VPNaaS limits the IPSec and IKE auth algorithm to
      "sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway),
      and the new driver supports more auth algorithms, such as "sha2-384",
      "sha2-512", it can not integrated with current VPNaaS plugin.
      
      This patch add "sha384" and "sha512" auth algorithms in API and DB side,
      Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't
      support these, so we add a validator in ipsec and Cisco CSR service driver,
      that will raise an exception when creating or updating the IPSec/IKE Policy
      auth algorithm with "sha384" and "sha512".
      Other vendors can bypass validate ike_policy and ipsec_policy
      when creating and updating auth_algorithm, or implement specific
      logic for themselves.
      
      DocImpact
      APIImpact
      NOTE: CLI support also needs change.
      
      Closes-Bug: #1638152
      Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1642428/+subscriptions

References

  Thread PreviousDate PreviousThread Next