2b83ae20f2
This patch adds two new parameters client_ca and client_ca_data. When setting up a development or testing Octavia setup there is no real issue to using the same CA for both the client and server part (client_ca and ca_certificate, server_ca). However when you have a production environment you want to separate the client_ca and ca_certificate/server_ca into two separate CAs. This is because otherwise if one amphora is compromised it could use its certificate to access all other amphoras. This change is backward compatible since by setting the default value for client_ca to undef the pick() function will select the ca_certificate value by default.

Change-Id: I41de310daab5bf1bc623819df40dea61b852ffc9
7 lines
331 B
YAML
features:
  - |
    Added new parameter client_ca and client_ca_data to octavia::certificates.
    These can be used to separate the ca_certificate/server_ca and client_ca used
    which is something you want to do in production environment to avoid a compromised
    Amphora being able to connect to the other running amphoras.
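The trust separation described in the commit message can be checked with plain openssl, shown here as an added example that is not part of the commit or of puppet-octavia. It assumes the receiving amphora only checks that a client certificate chains to its client CA; all CA names, subjects and files are constructed throwaway values.

```shell
#!/bin/sh
# Constructed demo: every CA name, subject and file below is made up.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a throwaway self-signed CA; $1 is the basename of its key and cert.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a leaf certificate; $1 is the issuing CA, $2 the leaf basename.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
        -out "$WORK/$2.pem" 2>/dev/null
}

# Succeeds when leaf $2 chains to CA $1, i.e. a peer that trusts $1 as its
# client CA would accept $2 as a client certificate (chain check only).
accepted_as_client() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# Development layout: one CA issues amphora certs and is also the client CA.
make_ca shared-ca
issue_cert shared-ca amphora-dev

# Production layout: the server CA issues amphora certs, a separate client CA
# issues the controller's client certificate.
make_ca server-ca
make_ca client-ca
issue_cert server-ca amphora-prod
issue_cert client-ca controller

for pair in "shared-ca amphora-dev" "client-ca amphora-prod" "client-ca controller"
do
    set -- $pair
    if accepted_as_client "$1" "$2"; then verdict=ACCEPTED; else verdict=rejected; fi
    printf '%-13s presented to a peer trusting %-10s -> %s\n' "$2" "$1" "$verdict"
done
```

The same `openssl verify -CAfile` call against a deployed client CA file and an amphora's issued certificate tells you whether an existing environment still shares one CA.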