The cryptography library has been bumped to 3.1 in upper-constraints
file during Ussuri, which is quite old. So we no longer have to
maintain logic for cryptography < 3.0.
Change-Id: I1a463e320b94b0e99e92541581e1ee5feffd356a
generate_pkcs12_bundle used the PKCS12 class of the pyOpenSSL module
which is not compliant with FIPS (uses SHA1).
Switch to the cryptography module for generating the PKCS bundles unless
for really old releases (<=3.0) that don't support it (stable/train is
still on 2.8).
Change-Id: Ibd50e9a6e406683b7faba093d716c83d2b994ad7
While generating certificate revocation list, dates were generated with
an incorrect TZ information. Depending on the TZ of host, some tests
failed because last update was in the future.
Using datetime.utcnow() for dates fixes the issue.
Change-Id: I2ff30c1a65e07b409aba211d1c60760355bfebbe
This patch adds scenario tests that cover the listener client
authentication features of TLS_TERMINATED listeners.
Depends-On: https://review.opendev.org/#/c/693586/
Change-Id: Ic3a9fa1995709378b68e64aea51e1799867c1bb0
