[Yahoo-eng-team] [Bug 1642428] Re: Add sha384 and sha512 auth algorithms for vendor drivers

Mon, 28 Nov 2016 08:47:28 -0800 

Reviewed:  https://review.openstack.org/400827
Committed: 
https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=ef5be1fd1abe2d40638df8e4070674d4ec591385
Submitter: Jenkins
Branch:    master

commit ef5be1fd1abe2d40638df8e4070674d4ec591385
Author: Darla Ahlert <da7...@att.com>
Date:   Tue Nov 22 09:32:52 2016 -0600

    [doc]Add sha256, sha384 and sha512 auth algorithms
    
    https://review.openstack.org/#/c/393702/ adds sha284 and sha512
    auth algorithms for vendor drivers. This commit adds these auth
    algorithms as options in the API documentation.
    
    Change-Id: I19182dbe82b89c4fa83cb93864daf47210d6c85b
    Closes-bug: 1642428


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1642428

Title:
      Add sha384 and sha512 auth algorithms for vendor drivers

Status in neutron:
  Fix Released

Bug description:
  https://review.openstack.org/393702
  Dear bug triager. This bug was created since a commit was marked with 
DOCIMPACT.

  commit b1530c73da9b8c689c61b3fc726a1ba6e5038ec3
  Author: Dongcan Ye <hellocho...@gmail.com>
  Date:   Fri Nov 4 18:43:32 2016 +0800

      Add sha384 and sha512 auth algorithms for vendor drivers
      
      Currently, VPNaaS limits the IPSec and IKE auth algorithm to
      "sha1" and "sha256". If user add a new driver(eg, Hardware VPN Gateway),
      and the new driver supports more auth algorithms, such as "sha2-384",
      "sha2-512", it can not integrated with current VPNaaS plugin.
      
      This patch add "sha384" and "sha512" auth algorithms in API and DB side,
      Because of Openswan, Strongswan, Libreswan and Cisco CSR driver doesn't
      support these, so we add a validator in ipsec and Cisco CSR service 
driver,
      that will raise an exception when creating or updating the IPSec/IKE 
Policy
      auth algorithm with "sha384" and "sha512".
      Other vendors can bypass validate ike_policy and ipsec_policy
      when creating and updating auth_algorithm, or implement specific
      logic for themselves.
      
      DocImpact
      APIImpact
      NOTE: CLI support also needs change.
      
      Closes-Bug: #1638152
      Change-Id: I87b257ee6500c424fc273955a6d89d972a2823e9

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1642428/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to