On 06/27/2014 12:21 AM, Carlos Garza wrote:
I don't know where we can check in experimental code so I have a
demonstration
of how to extract CNs subjAltNames or what ever we want from x509
certificates. Later on
I plan to use the OpenSSL libraries to verify certs coming from barbican
It doesn't look like NSS is currently used within Neutron or Keystone.
Another alternative would be to write the certificate to a temp file and
then invoke openssl x509 -text -noout -in $TEMP_FILE and parse the
output, Keystone currently does similar (keystone/common/openssl.py). Given
renewed
Too late guys. I'm already grabbing the fields from pyasn1. I'm not writing
an ASN1
parser I'm using the one from pyasn1_modules.rfc2459.
I am in favor of using a common crypto lib which is why I was planning to use
the cryptography package that barbican already depends on to handle the
On Jun 27, 2014, at 9:26 AM, John Dennis jden...@redhat.com wrote:
On 06/27/2014 12:21 AM, Carlos Garza wrote:
I don't know where we can check in experimental code so I have a
demonstration
of how to extract CNs subjAltNames or what ever we want from x509
certificates. Later on
I
On Jun 28, 2014, at 12:01 AM, Carlos Garza carlos.ga...@rackspace.com
wrote:
example python script using your example pem file. If using NSS isn't an
option I'd rather see us provide the necessary binding in pyopenssl than
handcraft one-off routines.
Are you saying you prefer us