octavia/releasenotes/notes/support-pkcs7-intermediate-ca-bundles-279c12bad974bff7.yaml
Stephen Balukoff a27b5c418a Add support for PKCS7 bundles and encrypted keys
This commit adds the ability for Octavia to make use of PKCS7
intermediate certificate bundles. These PKCS7 bundles may be in PEM or
DER format. This feature is being added since barbican specifies that
this is the preferred format for intermediate bundles in secret
containers.

This commit also re-arranges and/or strengthens several of our existing
tests of TLS / SNI functionality and in the process also fixes a bug
where encrypted private keys were not uploaded to amphorae in a format
that haproxy can readily parse. I have also added several sample or
dummy certificates which can be used for an up-coming scenario test
which exercises TLS-termination capabilities of Octavia.

Change-Id: I14e394bbf48456d2e2a7bbefcc777a1b6f4b83e4
Closes-Bug: #1627356
Closes-Bug: #1627367
2016-10-05 19:51:51 -07:00

7 lines
197 B
YAML

---
features:
- Adds support for PKCS7 PEM or DER encoded intermediate certificate bundles
for TERMINATED_HTTPS listeners.
fixes:
- Resolves an issue with using encrypted TLS private keys.