Reviewed: https://review.openstack.org/393702 Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=b1530c73da9b8c689c61b3fc726a1ba6e5038ec3 Submitter: Jenkins Branch: master
commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3 Author: Dongcan Ye <[email protected]> Date: Fri Nov 4 18:43:32 2016 +0800 Add sha384 and sha512 auth algorithms for vendor drivers Currently, VPNaaS limits the IPSec and IKE auth algorithm to "sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway), and the new driver supports more auth algorithms, such as "sha2-384", "sha2-512", it can not integrated with current VPNaaS plugin. This patch add "sha384" and "sha512" auth algorithms in API and DB side, Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't support these, so we add a validator in ipsec and Cisco CSR service driver, that will raise an exception when creating or updating the IPSec/IKE Policy auth algorithm with "sha384" and "sha512". Other vendors can bypass validate ike_policy and ipsec_policy when creating and updating auth_algorithm, or implement specific logic for themselves. DocImpact APIImpact NOTE: CLI support also needs change. Closes-Bug: #1638152 Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1638152 Title: vpn should support different auth algorithm for different driver Status in neutron: Fix Released Bug description: Currently, vpnaas plugin limits the ipsec and ike auth algorithm to "sha1" and "sha256", if user add a new driver (for example, hardware vpn gateway), and the new driver supports more auth algorithm, such as "sha2-384", "sha2-512", it can not integrated with current vpnaas plugin. It is necessary to support different auth algorithm for different drivers. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1638152/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
