cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Syed Ahmed" <sah...@cloudops.com>
Subject Re: Review Request 15897: Add certificate chain support for netscaler.
Date Wed, 04 Dec 2013 04:44:59 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15897/
-----------------------------------------------------------

(Updated Dec. 4, 2013, 4:44 a.m.)


Review request for cloudstack and Murali Reddy.


Changes
-------

Updated the NetscalerResource. Fixed compilation issue. Can you please check now ... sorry
for the trouble. 


Bugs: CLOUDSTACK-5296
    https://issues.apache.org/jira/browse/CLOUDSTACK-5296


Repository: cloudstack-git


Description
-------

This patch adds support for trust chains in the netscaler. 

I initially planned on using the 10.1 API's "bundle" feature but during my testing I found
that was not working. So I am doing the chain linking myself. Also NS can have only one entity
of a certificate ie lets say two different users try to add the same certificate on the netscaler
only one of them will go through. The other one says resouce already exists even though they
have different files. 

This can be a problem in trust chains where the chain can be shared between multiple accounts/certificates.
So, I am using the figerprint as an identifier of a certificate and making sure that we delete
it only when no one references it. 


Diffs (updated)
-----

  .gitignore dab1b3f 
  api/src/com/cloud/network/lb/LoadBalancingRule.java 4b2f9c4 
  engine/schema/src/com/cloud/network/dao/SslCertDaoImpl.java 99354c5 
  plugins/network-elements/netscaler/src/com/cloud/network/resource/NetscalerResource.java
7dac9a0 
  server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java a2eba07 
  server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java 17f88bd 
  utils/src/com/cloud/utils/security/CertificateHelper.java e8d20b0 

Diff: https://reviews.apache.org/r/15897/diff/


Testing
-------

Testing was done a a 3-length chain with a root, intermediate and a client certificate. Two
clients share the same intermediate certificate.


Thanks,

Syed Ahmed


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message