Public bug reported:
https://review.openstack.org/393702
Dear bug triager. This bug was created since a commit was marked with DOCIMPACT.
commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
Author: Dongcan Ye <hellocho...@gmail.com>
Date: Fri Nov 4 18:43:32 2016 +0800
Add sha384 and sha512 auth algorithms for vendor drivers
Currently, VPNaaS limits the IPSec and IKE auth algorithm to
"sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway),
and the new driver supports more auth algorithms, such as "sha2-384",
"sha2-512", it can not integrated with current VPNaaS plugin.
This patch add "sha384" and "sha512" auth algorithms in API and DB side,
Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't
support these, so we add a validator in ipsec and Cisco CSR service driver,
that will raise an exception when creating or updating the IPSec/IKE Policy
auth algorithm with "sha384" and "sha512".
Other vendors can bypass validate ike_policy and ipsec_policy
when creating and updating auth_algorithm, or implement specific
logic for themselves.
DocImpact
APIImpact
NOTE: CLI support also needs change.
Closes-Bug: #1638152
Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9
** Affects: neutron
Importance: Undecided
Status: New
** Tags: doc neutron-vpnaas
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1642428
Title:
Add sha384 and sha512 auth algorithms for vendor drivers
Status in neutron:
New
Bug description:
https://review.openstack.org/393702
Dear bug triager. This bug was created since a commit was marked with
DOCIMPACT.
commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
Author: Dongcan Ye <hellocho...@gmail.com>
Date: Fri Nov 4 18:43:32 2016 +0800
Add sha384 and sha512 auth algorithms for vendor drivers
Currently, VPNaaS limits the IPSec and IKE auth algorithm to
"sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway),
and the new driver supports more auth algorithms, such as "sha2-384",
"sha2-512", it can not integrated with current VPNaaS plugin.
This patch add "sha384" and "sha512" auth algorithms in API and DB side,
Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't
support these, so we add a validator in ipsec and Cisco CSR service
driver,
that will raise an exception when creating or updating the IPSec/IKE
Policy
auth algorithm with "sha384" and "sha512".
Other vendors can bypass validate ike_policy and ipsec_policy
when creating and updating auth_algorithm, or implement specific
logic for themselves.
DocImpact
APIImpact
NOTE: CLI support also needs change.
Closes-Bug: #1638152
Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1642428/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
