module documentation
Utility functions for security features of Ganeti.
Function | | Creates a new server SSL certificate and backs up the old one. |
Function | | Creates a new server SSL certificate and backs up the old one. |
Function | | Reads the SSL certificate and returns the SHA-1 digest. |
Function | | Checks whether the certificate issuer is the same as the owner. |
Function | | Undocumented |
Function | | Verifies an SSL certificate. |
Creates a new server SSL certificate and backs up the old one.
Parameters | |
cert | filename of the certificate file |
signing | name of the certificate to be used for signing |
hostname:string | name of the machine whose cert is created |
Creates a new server SSL certificate and backs up the old one.
Parameters | |
new | whether a new certificate should be created |
cert | filename of the certificate file |
serial | serial number of the certificate |
log | log message to be written on certificate creation |
uid:int | the user ID of the user who will be owner of the certificate file |
gid:int | the group ID of the group who will own the certificate file |
Checks whether the certificate issuer is the same as the owner.
Note that this does not actually verify the signature; it simply compares the certificate's common name with the issuer's common name. This is sufficient because, now that Ganeti creates non-self-signed client certificates, it uses their hostnames as common names, so they are distinguishable by common name from the server certificates.
Parameters | |
cert | filename of the certificate to examine |
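The name-only comparison described above, set beside a cryptographic self-signature check, as an added example that is not Ganeti's own code. It assumes the third-party `cryptography` package; the helper names, keys and host names are hypothetical and constructed for the illustration.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ed25519
from cryptography.x509.oid import NameOID


def make_cert(subject_cn, issuer_cn, subject_key, signing_key):
    """Hypothetical helper: build a constructed Ed25519 test certificate."""
    def name(cn):
        return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    start = datetime.datetime(2024, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn))
            .issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(signing_key, None))  # Ed25519 takes no separate hash


def common_name(name):
    attrs = name.get_attributes_for_oid(NameOID.COMMON_NAME)
    return attrs[0].value if attrs else None


def issuer_cn_matches_subject_cn(cert):
    """Name-only comparison as described above; no signature is checked."""
    cn = common_name(cert.subject)
    return cn is not None and cn == common_name(cert.issuer)


def signed_by_own_key(cert):
    """Cryptographic check, for contrast: does the cert's own key verify it?"""
    try:
        cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes)
        return True
    except InvalidSignature:
        return False


# Constructed sample data; keys and host names are made up.
server_key = ed25519.Ed25519PrivateKey.generate()
node_key = ed25519.Ed25519PrivateKey.generate()
server_cert = make_cert("server.example", "server.example", server_key, server_key)
client_cert = make_cert("node1.example", "server.example", node_key, server_key)
same_names = make_cert("node1.example", "node1.example", node_key, server_key)
```

For `same_names` the two checks disagree: the common names match, but the signature was made by a different key, so the name comparison classifies a certificate and does not verify it.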