puppet-octavia/releasenotes/notes/client-ca-b05d5a5e4a93bfe3.yaml
Tobias Urdin 2b83ae20f2 Add octavia::certificates::client_ca and data
This patch adds two new parameters client_ca and
client_ca_data.

When setting up a development or testing Octavia setup
there is no real issue with using the same CA for both
the client and server part (client_ca and ca_certificate, server_ca).

However, when you have a production environment you want to separate
the client_ca and ca_certificate/server_ca into two separate CAs.

This is because otherwise if one amphora is compromised it could use
its certificate to access all other amphoras.

This change is backward compatible since by setting the default value
for client_ca to undef the pick() function will select the
ca_certificate value by default.

Change-Id: I41de310daab5bf1bc623819df40dea61b852ffc9
2018-08-31 18:01:10 +02:00

331 B