Combine fingergw certificate options
This combines the client and server certificate options to make typical deployments simpler. The same certificate will be used by a fingergw acting as a client or a server. A new option is added to tell fingergw to use the cert only for client use; that way a fingergw can act as an unencrypted end-user gateway while still able to connect to encrypted servers. The options are renamed to tls_* to match zookeeper; once gearman is removed, we will have no ssl_* options. Documentation and a release note for TLS fingergw support is added. Change-Id: If3e445336de4644a5303f2ecc7c4a27e4320d042
This commit is contained in:
parent
496e9e3514
commit
e047fc42c6
|
@ -1264,6 +1264,18 @@ Finger gateway servers need to be able to connect to the Gearman
|
|||
server (usually the scheduler host), as well as the console streaming
|
||||
port on the executors (usually 7900).
|
||||
|
||||
Finger gateways are optional. They may be run for either or both of
|
||||
the following purposes:
|
||||
|
||||
* Allowing end-users to connect to the finger port to stream logs.
|
||||
|
||||
* Providing an accessible log streaming port for remote zoned
|
||||
executors which are otherwise inacessible.
|
||||
|
||||
In this case, log streaming requests from finger gateways or
|
||||
zuul-web will route to the executors via finger gateways in the same
|
||||
zone.
|
||||
|
||||
Configuration
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
|
@ -1327,6 +1339,42 @@ sections of ``zuul.conf`` are used by the finger gateway:
|
|||
also be zoned and unzoned finger gateway services. Omit the zone
|
||||
parameter for any unzoned finger gateway servers.
|
||||
|
||||
If the Zuul installation spans an untrusted network (for example, if
|
||||
there are remote executor zones), it may be necessary to use TLS
|
||||
between the components that handle log streaming (zuul-executor,
|
||||
zuul-fingergw, and zuul-web). If so, set the following options.
|
||||
|
||||
Note that this section is also read by zuul-web in order to load a
|
||||
client certificate to use when connecting to a finger gateway which
|
||||
requires TLS, and it is also read by zuul-executor to load a server
|
||||
certificate for its console streaming port.
|
||||
|
||||
If any of these are present, all three certificate options must be
|
||||
provided.
|
||||
|
||||
.. attr:: tls_cert
|
||||
|
||||
The path to the PEM encoded certificate file.
|
||||
|
||||
.. attr:: tls_key
|
||||
|
||||
The path to the PEM encoded key file.
|
||||
|
||||
.. attr:: tls_ca
|
||||
|
||||
The path to the PEM encoded CA certificate file.
|
||||
|
||||
.. attr:: tls_client_only
|
||||
:default: false
|
||||
|
||||
In order to provide a finger gateway which can reach remote
|
||||
finger gateways and executors which use TLS, but does not itself
|
||||
serve end-users via TLS (i.e., it runs within a protected
|
||||
network and users access it directly via the finger port), set
|
||||
this to ``true`` and the finger gateway will not listen on TLS,
|
||||
but will still use the supplied certificate to make remote TLS
|
||||
connections.
|
||||
|
||||
Operation
|
||||
~~~~~~~~~
|
||||
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The finger gateway and executor log streaming system now supports TLS
|
||||
connections.
|
||||
|
||||
Normally zuul-web makes a direct connection to an executor in
|
||||
order to stream logs. With this new option, that connection can
|
||||
be encrypted if it crosses an untrusted network.
|
||||
|
||||
The ability to route log streaming connections through finger
|
||||
gateway servers was recently added; these will also use TLS if
|
||||
required.
|
||||
|
||||
The finger gateway server can also be used by end-users; in that
|
||||
case it may need a TLS certificate to use if it is required to
|
||||
connect to an encrypted executor or finger gateway to stream logs.
|
||||
An option to disable using TLS when acting as a server is provided
|
||||
for this case, since there are no TLS-enable finger clients.
|
||||
|
||||
See :attr:`fingergw.tls_cert` and related options to enable
|
||||
encrypted connections for all three components.
|
|
@ -4,12 +4,6 @@
|
|||
openssl req -new -newkey rsa:2048 -nodes -keyout root-ca.key -x509 -days 3650 -out root-ca.pem -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=fingergw-ca"
|
||||
|
||||
# Generate server keys
|
||||
CLIENT='server'
|
||||
openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=fingergw-$CLIENT"
|
||||
openssl x509 -req -days 3650 -in $CLIENT.csr -out $CLIENT.pem -CA root-ca.pem -CAkey root-ca.key -CAcreateserial
|
||||
|
||||
|
||||
# Generate client keys
|
||||
CLIENT='client'
|
||||
openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=fingergw-$CLIENT"
|
||||
CLIENT='fingergw'
|
||||
openssl req -new -newkey rsa:2048 -nodes -keyout $CLIENT.key -out $CLIENT.csr -subj "/C=US/ST=Texas/L=Austin/O=OpenStack Foundation/CN=fingergw"
|
||||
openssl x509 -req -days 3650 -in $CLIENT.csr -out $CLIENT.pem -CA root-ca.pem -CAkey root-ca.key -CAcreateserial
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYD
|
||||
VQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0aW9uMRgwFgYD
|
||||
VQQDDA9maW5nZXJndy1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQDPX5Gp5o1RcWHmZvhTl9HbHYpN83nOLtK9u6l258j7ggSh3H8O6slELCMy
|
||||
0tIyv4ZYK7WwLtGpjpDegd/L5JOq40xtmDmxXuJI22GJdFsowq/Tc11ShHSrJh2j
|
||||
JiqmRaCM2zPexya9Fqa6ZkIBI+V/VLVEWZZP2zEXeIZVHDrKLJ5plQkA2LiBYsz1
|
||||
U/ZiIfXmjYAXQorIVoCA6VWfQvdfkc8z893SJphrOXhNQkG37FRVrZIuMeF/0xV3
|
||||
eAMhLinfzOs5p8RYpvaNOtol0UglGV2xQZO8L0pXjwVue9NVui7vTVaXMzDUNBQF
|
||||
PjLIuLsEnV8qhBOCCI7GI62Or8QJAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
j/VaictR9BOlM2W7H4GILyxOvIvHWLmXAoh73/TbLwGmzclGPDS3rnV+3oLNK+tk
|
||||
mYzcHXBxidNg2nMAUiBgNPydy+OSUtuTrUP7lBOPPlV+gDJjx+raVSKEXIRDmHTP
|
||||
dAcD02xCO8Gr5S6eI4k4lUT8ugQGsm+02MU8e+NzB/v0RFwXTUltcrxJo7CkPY71
|
||||
WFTs3t/ktAPzFOeIcVaiwa1fKBYnPM7S9LxpUOFTO77T3aq4drDYoZe3VBz9eJOB
|
||||
Qu6UHiOuHkmKrY9UXfiqvK/AgKGZopc6kj0JP54J3v7jnNhIjcFm97QD1qXcFi6t
|
||||
v6zk4eF4kvotv/N70gUx+w==
|
||||
-----END CERTIFICATE REQUEST-----
|
|
@ -1,28 +0,0 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDPX5Gp5o1RcWHm
|
||||
ZvhTl9HbHYpN83nOLtK9u6l258j7ggSh3H8O6slELCMy0tIyv4ZYK7WwLtGpjpDe
|
||||
gd/L5JOq40xtmDmxXuJI22GJdFsowq/Tc11ShHSrJh2jJiqmRaCM2zPexya9Fqa6
|
||||
ZkIBI+V/VLVEWZZP2zEXeIZVHDrKLJ5plQkA2LiBYsz1U/ZiIfXmjYAXQorIVoCA
|
||||
6VWfQvdfkc8z893SJphrOXhNQkG37FRVrZIuMeF/0xV3eAMhLinfzOs5p8RYpvaN
|
||||
Otol0UglGV2xQZO8L0pXjwVue9NVui7vTVaXMzDUNBQFPjLIuLsEnV8qhBOCCI7G
|
||||
I62Or8QJAgMBAAECggEAIIMoUE3wTBuNsNTmDB0abtMj0vLgXv4iVlLsz9KpRR1u
|
||||
Yn4ygYE4CvMslZROFlzG0F4R/0xn3MCYX/pWvx3YNQur+ObL7M4mhiu3EBjpDevw
|
||||
KyPENuLDc+3m6aRbPXRfJpZbfIsWvMCnZUQRByK8oYkDXnL5SQ3hlX90+DUT1ox9
|
||||
4LV5sQeqW5xfEraRW9qSGzi9Ns/WokuiFfR+ur3gp1j20w2bEzkZ9Nz+Sipj48jO
|
||||
uJSv5+upc/osIFiwGz59aPt+sOJq+bt3JJgxyJFvciMjOwLCoNrTsamv/0/Dsykk
|
||||
UNvBthDcm4lNL3GMEgB/sUQ6UX7XJ1C6IAA11wTgcQKBgQD3HoErqi6D0+mkzhKw
|
||||
3KkFMQlf+KxeTy9T00rZU3iVnccQUOZ5t1k3C6NRD5fzS3lDfqfD1KixlV3GJcy9
|
||||
dfxyhPErMJ3DttrIq90eTW1v9h95ZTYnoIoC8kzpwQSIEsEApl/VxQR6u1NHtoYW
|
||||
ItBffsN1xhGN49JL2AvUxFxDBQKBgQDW02ceujc20Dx44BULwh3tZoo3/8QBhEiG
|
||||
p+yNNRP4b7UEABE/6F7HZon9tDFxbLTHTnqrYQvIDgvEmuxdBAAxsy8S0WBpHwIy
|
||||
nNeIc63ENmLfryGUoQ2iLEscYA+/ZD0WN5XQTcVOBJmGDdKbxluFgp1BH9pTb4ZG
|
||||
5fZqQyuUNQKBgQCkykPLEW55XHxG+WC/bjaMDro4tISFU3q1BIa6TA5yf0d62ugG
|
||||
rLyil3EuIh7rEB5qYvCPB6YC3h8tfpF8mkxhNcP5UC80jyBwhyMqDOn4qoEsm9C0
|
||||
NjsyYc/mZV+XOiJYQ5pO3FXzXi3X+aCK7GZV+Btx00Zrf0wCZazmEpeP3QKBgHfe
|
||||
5IaPz+llDqlAGF5EReDHO879h4h1IOcKYoN0n50b7/y4cOehKOnI/Ky1VHV+++zO
|
||||
jMJ+V02dENH2xHcumVEiM90jOdHOfLJzNA0ux0JaOpeoKGu/5lSctJizvXXFYBS6
|
||||
lXzzOGpNRME5i1BiwYThGhBRzsiJzXpYLUSkEHgVAoGATNJDp5kMDbzB8A8dlwL2
|
||||
LEbufOu9+SLJJB/3M24+WioMSGxoZvkF2rpYdvR83QuOdEKBQlao2gwPNNMckMfh
|
||||
twLKj1EvkQzQ46y+R8Ay3Sc5XNeTZ7vG8ysewP41b+RDPSkC1jTbCrHvXDO4D7Zi
|
||||
RJkw3prbAP8PblFPjaa0P9U=
|
||||
-----END PRIVATE KEY-----
|
|
@ -1,20 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDRjCCAi4CCQCTQgbVwTy7RzANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJV
|
||||
UzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UECgwUT3Bl
|
||||
blN0YWNrIEZvdW5kYXRpb24xFDASBgNVBAMMC2Zpbmdlcmd3LWNhMB4XDTIxMDUz
|
||||
MDAwMzQ1MFoXDTMxMDUyODAwMzQ1MFowZzELMAkGA1UEBhMCVVMxDjAMBgNVBAgM
|
||||
BVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3Vu
|
||||
ZGF0aW9uMRgwFgYDVQQDDA9maW5nZXJndy1jbGllbnQwggEiMA0GCSqGSIb3DQEB
|
||||
AQUAA4IBDwAwggEKAoIBAQDPX5Gp5o1RcWHmZvhTl9HbHYpN83nOLtK9u6l258j7
|
||||
ggSh3H8O6slELCMy0tIyv4ZYK7WwLtGpjpDegd/L5JOq40xtmDmxXuJI22GJdFso
|
||||
wq/Tc11ShHSrJh2jJiqmRaCM2zPexya9Fqa6ZkIBI+V/VLVEWZZP2zEXeIZVHDrK
|
||||
LJ5plQkA2LiBYsz1U/ZiIfXmjYAXQorIVoCA6VWfQvdfkc8z893SJphrOXhNQkG3
|
||||
7FRVrZIuMeF/0xV3eAMhLinfzOs5p8RYpvaNOtol0UglGV2xQZO8L0pXjwVue9NV
|
||||
ui7vTVaXMzDUNBQFPjLIuLsEnV8qhBOCCI7GI62Or8QJAgMBAAEwDQYJKoZIhvcN
|
||||
AQELBQADggEBAA/zWymoNTQBwfYf9sog2I1Dn0AdfjBFUaupbWBD/9iYmqZkesZF
|
||||
GkrPkHGs4lWhHfLiS/je84/ZKZmdd5h+7d0xydh+DAquSIBxMf8jSxDG6wj51XVi
|
||||
oTw3qmacncAK7U4EUCH3GCxBwxgFIFYxv2wfyvYfqyPRgLpajWwSkAoKCxIUAvqv
|
||||
1gNA/Qj6YW8S9yRgwt0F7xxz1v5thnZw80N4OZsxY7kujMa+kBIg9eZj7jcrtVrQ
|
||||
+1viNToHDb/ty+edZUwUSZmr1JGr0G6mArlQYeS7G4jMOCKdlqdDPbwwFAQGf+l4
|
||||
ZDnDHBKHUSXtJaCOfYHuAcRq+THmrv5LV+k=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYD
|
||||
VQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0aW9uMREwDwYD
|
||||
VQQDDAhmaW5nZXJndzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmR
|
||||
Do2o+4Gf/EAEweWexbPe82xcIfx5JtnGIr5yNA8vq4xYYNLDb/qjzJuVhZ9nfGmI
|
||||
dtH0ohEdsZKZszuKbTo0fJSXDbUkbddt3fk8b2Zn3k0FoinY6CQP2rTFo4MW0Yqr
|
||||
7JTQAeo9cxuWqulT8jnJdNe2J4H2vfHBBpLQWoYGX+J0nMQg6jpz3gVYYEik46nS
|
||||
W38ONcBGW2nKBemJUZtyA6Usynw087HM15zoUYMSF5oHTI3I8ivSK+8D9VB3gFT5
|
||||
ZOLuWYHnBLzKs2OajTZDvs7/066Qg9Nnefg5iMsiIwIGN42jGNnzUVQe9po1UTlz
|
||||
5MqykxHup28e2rWNHp8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB8Aoyfjk3Q
|
||||
lX8Thz1ruEdmWuOfI+LPOYTL5Ea0XSA22qCzPVuBt29Ljlu3PZz1H3oU3hKm/pA6
|
||||
4BsOnLfZ4SHDnhLcPTHRSKsYfZyiTs3OUIoCBxWENow6TDiOx89dxcfB4fhplXsN
|
||||
l7KTKeIEJFzassBSDPYkAuJ1npbA5GOpzv6CPCs2RPVfARgXkYtJWNPOUqM2JJ4w
|
||||
M/9VOdADbGBRF5cyt9T0SSkvlea+vpjvGOg9sAMx7TjI+SjktYI6WbKKbWnAmMTM
|
||||
DC9oJjwIHf5a09fNNbZOmttsJnELqgJutkIXP1SH0SE9QI8fYlPXSmiaaCGPsE98
|
||||
QKeaO2qlNvUK
|
||||
-----END CERTIFICATE REQUEST-----
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQC5kQ6NqPuBn/xA
|
||||
BMHlnsWz3vNsXCH8eSbZxiK+cjQPL6uMWGDSw2/6o8yblYWfZ3xpiHbR9KIRHbGS
|
||||
mbM7im06NHyUlw21JG3Xbd35PG9mZ95NBaIp2OgkD9q0xaODFtGKq+yU0AHqPXMb
|
||||
lqrpU/I5yXTXtieB9r3xwQaS0FqGBl/idJzEIOo6c94FWGBIpOOp0lt/DjXARltp
|
||||
ygXpiVGbcgOlLMp8NPOxzNec6FGDEheaB0yNyPIr0ivvA/VQd4BU+WTi7lmB5wS8
|
||||
yrNjmo02Q77O/9OukIPTZ3n4OYjLIiMCBjeNoxjZ81FUHvaaNVE5c+TKspMR7qdv
|
||||
Htq1jR6fAgMBAAECgf8FzIKn6p/xbQ508bEde9ixxkXVHQvy19Ze99IeIXN/Bf5W
|
||||
ZGyiKXlWW8gJFKMYWCOLKLiN1xc5cbQa4LK5KZpAN2OtQQssnfbQxJ4rK7hPeu93
|
||||
eLWYmS6n8dbjz0lMz2m866J5BAcLSuBN/Gda40SuiZ0dIJQbe5pz85RBAkHR7lNu
|
||||
kJbMMpeVUllwlqynOEFPR2A7HrdnzstkJTDt3/Y6jrh0+ZE0TBdjfbPF0lK6NQoa
|
||||
GbHCEIxjY45ZXNgGSdj9V50XH0sP/sAhtAjZW31HZlXz3Z4giOLxGlEjUykbWJDj
|
||||
weqtrgvdQnb9U+1KOKZi1HkB/ziIuDSdEzAJs8ECgYEA4v+XW2cr5A/u+2kCZ1sW
|
||||
Hx6LiLYnGKRVzeXAjc1iOsLv9oaJa7HuJqBw3tRZ6deA6Wb5DHnoofiybc7+v34m
|
||||
uqhXLIUk3au54Lg65RdHiE8m61N6t4lC8z1aolx1yX7r+lIvI5rxIxFryTm2UBxK
|
||||
nNQv2kZAxq4SA1JXH9xxYbsCgYEA0UZclcPIjS1HCj5SUTDxs5ow4nkIzEsqJyX2
|
||||
1boKk4fjrKhimQ6dVx65EFfLVhqYpE6UxJuWgbUhhoKfCW4U3MaO6oY9NezzH/YK
|
||||
fJ/IMIqpKDUS3GBtIVZkj+c6MXwAoSV9Rf+axF69ACELUrksoPXoj7Vqe2XE+XPO
|
||||
FzyiZm0CgYAvHOErJVSktvHg2ECZdvw2ZT6Ml1Gx+ZmdbEv0omX60C7BudaXtYw6
|
||||
FB6ZAPXQZNvqlWanQj4YL+fIhqe00tfy8bF2GgQ2xceEbng6yAQetF7dhKv5n9F3
|
||||
bop7HDmOInuTrq798tCNeLYoQ4QlSFnsBtYPtXkIQ2SVr+dJQ5V8tQKBgAFamy68
|
||||
3YdMS7FdRdsQnf+zd61/avcnZVZrgHVRhs/9iROM41ZqKcpugHQCnWYpNeOaPown
|
||||
FYoxSc48+hptg+UJw9Lwm2TF66zBQsAbqIfn3cBM15plZU9Z57ymmlHHo5lnTLAv
|
||||
PykWE9L0Y8ZdPFSuQprraYzy05tpjGPKGKLhAoGBALOw3YpWOGi5AJ0BFz9pX6wT
|
||||
Wk56qYOO6kImKtgwGRXFlEOKUWpDGP0UV5slVnYE23SN5v9kvKnLI86YYDupYszt
|
||||
MmvjxMNz1gfvvsZXv0KUxG8LDDZB11rP3fBAwQk6GMuUAKpQLVh4rgTi+Di3pzO6
|
||||
0p/czuW+jXpZ+0MsbPzT
|
||||
-----END PRIVATE KEY-----
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPzCCAicCCQCTQgbVwTy7SDANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJV
|
||||
UzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UECgwUT3Bl
|
||||
blN0YWNrIEZvdW5kYXRpb24xFDASBgNVBAMMC2Zpbmdlcmd3LWNhMB4XDTIxMDUz
|
||||
MDAwMzYxNFoXDTMxMDUyODAwMzYxNFowYDELMAkGA1UEBhMCVVMxDjAMBgNVBAgM
|
||||
BVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3Vu
|
||||
ZGF0aW9uMREwDwYDVQQDDAhmaW5nZXJndzCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBALmRDo2o+4Gf/EAEweWexbPe82xcIfx5JtnGIr5yNA8vq4xYYNLD
|
||||
b/qjzJuVhZ9nfGmIdtH0ohEdsZKZszuKbTo0fJSXDbUkbddt3fk8b2Zn3k0FoinY
|
||||
6CQP2rTFo4MW0Yqr7JTQAeo9cxuWqulT8jnJdNe2J4H2vfHBBpLQWoYGX+J0nMQg
|
||||
6jpz3gVYYEik46nSW38ONcBGW2nKBemJUZtyA6Usynw087HM15zoUYMSF5oHTI3I
|
||||
8ivSK+8D9VB3gFT5ZOLuWYHnBLzKs2OajTZDvs7/066Qg9Nnefg5iMsiIwIGN42j
|
||||
GNnzUVQe9po1UTlz5MqykxHup28e2rWNHp8CAwEAATANBgkqhkiG9w0BAQsFAAOC
|
||||
AQEAPZsVEJCvwMx6ChglKMRlupmzR5amqv++I5z9RHfmig005pIF56HJhxQuxT4h
|
||||
sOLcDHIceJBgVCRV4q38UDjTXYCmVPDrWvl1AMQ2hbaV8XV6/L7nHv8xK8YVYYlD
|
||||
S31HvIDFeWMnRsYosCwqau8TzuSTtSmJGB+Ri64P5kcBMgToeRw24XhrRQHG8myz
|
||||
oECzwsmcNtXseE1xuGl4UgE7bHlkyevqTOlJPXgVR4R7ocmReLK7g9wMGrSrDj4G
|
||||
dzQQcNUS4r2fB/ksI35ZoLv4B6qi7ir7FQ78OTtl6lKAhZuu98QfwkhM/L6JVwTs
|
||||
fAb0xxKYzGpcJpjjUzfGUIsEBQ==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,28 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC03ectwEf0Itw1
|
||||
u9ySo3VJOXWNLg0p01m4t3z4CyA15Oh2XlnDoTrio4FTZnZblZRd8kXZ0AGhC6Ln
|
||||
eIJqJc+79Y8S2sKrl6nJuNcRt4UFdZqyyUCyU9EgY5nK28zge1OxNlSJ5ZTcM1I8
|
||||
YFhJDb7sM5ZChTaOp2OjuZOePoF7hp+lZTEdhczLC/e35LY84dd6i6QxBJ9reaOF
|
||||
nan+EqX5CVmFCGWvmnTpxkZvSFtkhdvG+IC9r1SX9lZi1JZEKCVodgNozcwWTLFD
|
||||
Pi2CxSY+HMXwYYNJfh7GOxsy6a13TtCJGwNM5F5Ol7iVK35zYrzE4HWnxP+P+TtB
|
||||
rZ70a4EDAgMBAAECggEAY8/+D1KIouNGEWVOMaKBTFqoU7QxUX6wie7AyYYiTXu5
|
||||
CfHBqeNlQsOm0CbAdIRUr4/PGoffDkgEq6bmmbuqK3k1bttJCTcWXRtjnQRhJYUk
|
||||
TTwhNwhoZW5x5fBs3QlSQ37PIpaPEwJDhMxKjG5IicNiTe2EES+xHh6Ap5ipDkhr
|
||||
7fJ1WEEq2zerSA1K8d/BT7Fx1OCSqmemkfpQsaQ1Na71HT97XPMI2JVBLklKsr2U
|
||||
aOiagYM6jsxwzVW+rBPmwZie8UC4+/ZKU9+yhkEOB8T/z2/kiuFwHyReYNWlFc4B
|
||||
wiYk297r/ucwRz0lfMPrPDoUWoTrcLpBNP0wAAnm4QKBgQDmaMtMhldS+RB+CrO1
|
||||
JbR6o0ek2TN79p4L6klgFw/MLvpsRqsoZ/MPiRiOW3q+vud+wnfSkxD8fLWF2Sk/
|
||||
xTvgavIgnMiauea0pIlKPmPYcP/TrXT66ApHK/jfN7+M4a1jnqQE1mo3a6bPnjwZ
|
||||
nBd4RRKM64q2CRrqrVWreeaMUwKBgQDI9HiETLqGnXNihLTqP20oaK7162kI0jJf
|
||||
Pr04KE8VtvleJAHwf7CVxkeJ6oTySWo+tHfvjDVmsdCwwgXMVhAks+fQLpZv9qOf
|
||||
U72Kqy5NjDKvyxdB4fVwNpJn/91HbUijfs/gN5wFu6tiyvgNddZiTgjlNo9BT7sW
|
||||
LpVejqEikQKBgQDGsMnX1OWK7LL3Lj1oUfp/4zwOASuvk60Y81GRJnH+Duju5EYG
|
||||
0xU8aWoeoO6JfNDec86mbSIxyU0z/l/e2TPYRAFGdE1deEBluJmXx5OMe21xWdxN
|
||||
3jm2xEmaHFX3pElEZfJlJY10+0VfNsH3B68JjO8BTMFSVym6A/2joLxadwKBgGOw
|
||||
GyUOZy2mZ/oEeTcHVeBI5hpquMU+eOyU1AtKu8i650PTOv8SaQgzv4NkSqVi1Ajd
|
||||
P+4esNML/MnixjuSqhl7AdFdexV51buRMCLdPnALz40zg4sUS8xp1gEvhZcMWI96
|
||||
tia1j3msmp28sIcE4OANdA45HaG5qsabP1AUE01xAoGAbMheTH2x5YpY1mbd68Xf
|
||||
SOrRuJQd8jjrptQxmdW4x/junLYIVlacth0Fdm8e69qdbOuk1I4+4xeC7+CzVIvX
|
||||
RrfNrfyTjpY64Kl1xKJIShkKcH7rAKLnCrHJkt9oODtQpvHEqzj8ZYxYBHOVIejp
|
||||
k8HR+8OE9GDvPXSgyRfz7b4=
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDaSw79QrdHET9c
|
||||
VbI1u3xRetIJiPSPHS/i5mtd8bQfBpUn8m2MrDqPBI3evd0YFouElOpxpb3YtCPd
|
||||
jvrGxx+EjLcBidCqNWnsM3KupD5dnmjvQXUC6Z3L3NqkYOF2FMF4TH98+LGTBc4V
|
||||
3jxiSPjY4h6xzzy1pjpVUmvQqEXjetsgSFUQGCiZlqEbALYKTi8duBBZKIfACkDI
|
||||
zeOQ3866wVeueSsSBEx3UXul1+xNxGu2D2YCFJv4sq8SPdFn13clJ001g/obOTWi
|
||||
WFnoxR+4YaCmxrNj0SnGbbneFxU1nOeb4mutD/uWxy9fkN3laxos9rexoC2xlDTh
|
||||
iNHMLvavAgMBAAECggEAM/6Q0W4krX7EMsAOtJG1qMqyYKcIaVYwY8Eybav2lTVC
|
||||
LcOmqE0VnZ8eE6HxmZ01Gh1GQk+SCp3NtSYrQVGIhk/l/y3OT9xtIF+Yv1RLroze
|
||||
va4/qrPua/Js+Z5B1ZhYBMljzGaIFVbaoYbPpzFuZGpnmT6dXT78wfnhyE9sZiQa
|
||||
k/oRALkmoC6H57g9JhW8mHsZyyw3grdenNdP4H5MWoBof1yl6mu6haQF50mGnXJJ
|
||||
Ecv7bUnLSavVg2sX/bkbozZoeRb+Mz907LlU57ORJ+LXj9TJZU4+pflA8x58RkJV
|
||||
olC0nncT758EpNBm6dOMTGz5OMN1cxUjhZK/WNjc8QKBgQDtYLgJRvUBr3kUWhi7
|
||||
rwHWrtKSutFc+w76LhmyleNeAuqg51oNNuNbbwcIXgs2IaNkWdnHJzgxdeMMXKaQ
|
||||
9J3YXTu2SvsV+o+VC1spitSV+XYVTNZSbI+OlHIHo2vnmiW3ho12T1+EKXcmTV3d
|
||||
dfpz8feEd6otM/PNysJJv4qhXQKBgQDraw/FhkGy8kvcfCf0nIWaKOhGLtJy+odX
|
||||
Moiv+7RueYHYZqwZxXQ8nN0STb7nldO2Pub65voOrmIZQkppiNJpJgVwz7aodhxj
|
||||
zzQAwgkwcRZCIb9r/CY4K4X2tVkXSprXtfpqo0MS2jD4UDS2NNHdbrNoAU4ZDHVs
|
||||
6mS1Ub87ewKBgQC4ZQJxCnK2XXXDzn0aBkd6WhFvM7oA7XFj/D2wEWkulTtnxG+a
|
||||
hkG0vBmNcWhqI1VGVdmrL5ciLL4z0yD8x1h6Q2poH/TNzPaOQ+UL7zFWUxNcVnTC
|
||||
UFxv2HZ/4n2myoJz/wySk/PRuVg6I60/pC7qtFKez0odlRbVjKTCHw10bQKBgQDX
|
||||
HKDwsFjgFp5S/e/UiCFcV/zGBIqwHVQFzVsw0yJvv/9xqX+gnNg1enBXBUtneXRW
|
||||
luugX+Yl/BoPUo+EF02MXv2hs2sIS8RtPywZdTPIW80m6IdtOJ4DvWFPqS2bJsSO
|
||||
Tu5e+oeTdmRAwakoxOLvHvQ4GNkv8j5qI1OaivPeeQKBgAa/XxNKZz3WZuUATspR
|
||||
7wuiB8mtXdk7ISVFMlNbLD1d/S1tYw0Nia09ofSJ/4ZnRYxu05nF4uI2Q9Acif9F
|
||||
rZR5lyvNn38Kv3KHBgIG4NUugQtYtgG8CIVQxE6xPqkeiuaHHgk1xrXEBe/z5jql
|
||||
E8l91fLR0Gvow/APAmTRRhEu
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
|
@ -1,22 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDpzCCAo+gAwIBAgIUbe9RwznpVY2LaJxgFpfJls0ORlkwDQYJKoZIhvcNAQEL
|
||||
MIIDpzCCAo+gAwIBAgIUZTc9dtkiuIEtkrqQW4xqxOyoi5YwDQYJKoZIhvcNAQEL
|
||||
BQAwYzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0
|
||||
aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0aW9uMRQwEgYDVQQDDAtmaW5n
|
||||
ZXJndy1jYTAeFw0yMTA1MzAwMDM0NTBaFw0zMTA1MjgwMDM0NTBaMGMxCzAJBgNV
|
||||
ZXJndy1jYTAeFw0yMTA1MzAwMDM2MTRaFw0zMTA1MjgwMDM2MTRaMGMxCzAJBgNV
|
||||
BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEPMA0GA1UEBwwGQXVzdGluMR0wGwYDVQQK
|
||||
DBRPcGVuU3RhY2sgRm91bmRhdGlvbjEUMBIGA1UEAwwLZmluZ2VyZ3ctY2EwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC03ectwEf0Itw1u9ySo3VJOXWN
|
||||
Lg0p01m4t3z4CyA15Oh2XlnDoTrio4FTZnZblZRd8kXZ0AGhC6LneIJqJc+79Y8S
|
||||
2sKrl6nJuNcRt4UFdZqyyUCyU9EgY5nK28zge1OxNlSJ5ZTcM1I8YFhJDb7sM5ZC
|
||||
hTaOp2OjuZOePoF7hp+lZTEdhczLC/e35LY84dd6i6QxBJ9reaOFnan+EqX5CVmF
|
||||
CGWvmnTpxkZvSFtkhdvG+IC9r1SX9lZi1JZEKCVodgNozcwWTLFDPi2CxSY+HMXw
|
||||
YYNJfh7GOxsy6a13TtCJGwNM5F5Ol7iVK35zYrzE4HWnxP+P+TtBrZ70a4EDAgMB
|
||||
AAGjUzBRMB0GA1UdDgQWBBQ5IIU3pSweSOMfg/RpBqMRA8a7TzAfBgNVHSMEGDAW
|
||||
gBQ5IIU3pSweSOMfg/RpBqMRA8a7TzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQBFj7FHoXxAC+jv2o/BeD2Sc+KntYi82Rtlt31aJ35zMk4/qE7Z
|
||||
mM0pgc/xSZ+mchKzOIW+aVDxE/+WdptVZTiBmJao4hZ3tsCMZZiW9ocSBtlhYICq
|
||||
vxCpK8ISQ3JjdVMgorsMPEd5pF9PKTbRSBSaDoHiduH4rHYzsBslnPfvx8vstVdI
|
||||
4CvCEkNKvBfuqir0ZDObXTUT4Q80sZYWy/vcB+rxxofSQjP03Id+Wu0fIxPg6Ggi
|
||||
ZjO33LNnNWEob1UV1A1VZMlGKHkVK5Ib4wtWdc8fnIbmpWGuGgJeaD+XiXprlrkY
|
||||
wzMA2im8teUM+u6P0adI42ypyUJa056mHH79
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaSw79QrdHET9cVbI1u3xRetIJ
|
||||
iPSPHS/i5mtd8bQfBpUn8m2MrDqPBI3evd0YFouElOpxpb3YtCPdjvrGxx+EjLcB
|
||||
idCqNWnsM3KupD5dnmjvQXUC6Z3L3NqkYOF2FMF4TH98+LGTBc4V3jxiSPjY4h6x
|
||||
zzy1pjpVUmvQqEXjetsgSFUQGCiZlqEbALYKTi8duBBZKIfACkDIzeOQ3866wVeu
|
||||
eSsSBEx3UXul1+xNxGu2D2YCFJv4sq8SPdFn13clJ001g/obOTWiWFnoxR+4YaCm
|
||||
xrNj0SnGbbneFxU1nOeb4mutD/uWxy9fkN3laxos9rexoC2xlDThiNHMLvavAgMB
|
||||
AAGjUzBRMB0GA1UdDgQWBBSPLANuMAsLh0dwqV7WMzR3Oxn/dTAfBgNVHSMEGDAW
|
||||
gBSPLANuMAsLh0dwqV7WMzR3Oxn/dTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQDLTwrQv4C427U3I2hyBUYLKfhJvVgTvnTUMIFUvRbLRFIkAR63
|
||||
fPAMSfpTclS9DmmQ6Wcza4kIu4iWEQ9RzDVvdl/pIhAlT8pdpR5ejH1RNekw1Tf9
|
||||
LLVvx+RpGKWSP80ZYDmvGKcROOtVgXadRQeMewejXQ2SNPlgJLGmjHWi++ypBPqN
|
||||
7v9gMi37JiL2gA/Iy2ZKkllh7u1NeAa5VLc27Et8ZowndWEdlMD2c00c9P3jcJHl
|
||||
0qIrDfTRDRTaUxqrBW6HHJxz7tWFWANa7LCo+HbwUZQ+cBmlKQvMEO6EQ0h4bLpw
|
||||
0nVkQVYw2FzBk9bmjE0QLGRz58VgKewTXEw3
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -1 +1 @@
|
|||
934206D5C13CBB47
|
||||
934206D5C13CBB48
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMQ8wDQYD
|
||||
VQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0aW9uMRgwFgYD
|
||||
VQQDDA9maW5nZXJndy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQCq3XOVvoXw7TShJeqnJCoc6GoQppYMYcx9hmOs0P/B346fEVPuHi4LZEVO
|
||||
Z/31tXJUA71LYBYJjhpG1Rk2foJnBaQbpbaFUqrpAWnfPaHIES8Tmty3tdMoDput
|
||||
C7vCXDX6Dq4g9RkttRir8wPQTkiJ3N9WlnDN4G/4VxqgiGYvn4eK5R1DUd3fy8nL
|
||||
9Df8l5J/1FuMCLasYJxYu6Q0dIyaqu2gQxvL4BU0pUhtG1Lgzk6hMl5l5/jIlBDP
|
||||
t+tNNMDMnhtDORhipPwUfAXbu9jTeSOb912CYArGubhxq3Q6/wabhm9fU/ZnmOvc
|
||||
Z0AMI1I3a8AJ6J9563EBb+DBQcsbAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
pHrR07XajgkT51ubWpCcV5yJpEUdBHPcUSsYXp0Ee0PcylAGdfqYhk1iynaToih1
|
||||
tisOb2p9+Q066Y8Z78OYD+yyMu+cJc96iU5OrP2x4/5QEkF1VBwOryhpAg9PT9sq
|
||||
bnxN5AQM+q0oA/bJ72Sp1685kfd+bdxTXV5sdpckoCBZ7xVbakc6UM6kmvmAgAMi
|
||||
2kzYH5r2AAesaT8OE2HYiWEQlK7f/y3rUt0BnazgzdHDjJegyZyAieqyhJ6Eaobq
|
||||
nlqoftbbxz5fEhnMCy/YE0CcTD1awBThGsUo06K0xD/Um7hH29c+m4dEfSwxOaCq
|
||||
K9oOg6FxiDg0EzT3KaSnbA==
|
||||
-----END CERTIFICATE REQUEST-----
|
|
@ -1,28 +0,0 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCq3XOVvoXw7TSh
|
||||
JeqnJCoc6GoQppYMYcx9hmOs0P/B346fEVPuHi4LZEVOZ/31tXJUA71LYBYJjhpG
|
||||
1Rk2foJnBaQbpbaFUqrpAWnfPaHIES8Tmty3tdMoDputC7vCXDX6Dq4g9RkttRir
|
||||
8wPQTkiJ3N9WlnDN4G/4VxqgiGYvn4eK5R1DUd3fy8nL9Df8l5J/1FuMCLasYJxY
|
||||
u6Q0dIyaqu2gQxvL4BU0pUhtG1Lgzk6hMl5l5/jIlBDPt+tNNMDMnhtDORhipPwU
|
||||
fAXbu9jTeSOb912CYArGubhxq3Q6/wabhm9fU/ZnmOvcZ0AMI1I3a8AJ6J9563EB
|
||||
b+DBQcsbAgMBAAECggEAKu9CoBoj5gp08xloAV/hBSqRnGV/xtS8Yb5nRYGvArR+
|
||||
ThI4mNkUkOA9WhpfgmJ5vArEgjA+2V/P0oSxtTPM6L5OInRdjNrc/3fPdr0x7egD
|
||||
gFWlqLQTvzkMfUs5fvlUxuTxdG6iSQ38iRijmLBTIfFSXZun9NO0zx50Hmqn4sc2
|
||||
V9+CkZFmOv9VbIOs/tdFIWWAdb5hmEWTSDyHsr3YGHILcSp6d+nFbFnk3gPBGH4J
|
||||
m0Wii+lWxi4g2MpvcZO/dgrX8SlBwO87uBnYMd4i7/o9jeKZK2Sl7MYhplmtpNX4
|
||||
yhMS1973vWVO/U59eOF2II51LPlu7uUVV8A22kOK4QKBgQDSOY8ZPSIdQvVMtDhV
|
||||
/s1Ne/g6cMSwWroRXRHY0UtXf5ZtCG2XuCdN8qjp1Xay2YEji7f8ldd4ttPAdk4i
|
||||
LzQPs8/qwRPa5rg+I4Jh6zfb2IcPdcOED0wq8yLTYfXwrUsKr7jPGwbKscc+TyD6
|
||||
C6T2NKtruLgjw+JlXUvL5s/RtQKBgQDQEeHiraQYt50WvqxgTfADlxBlFRDMM1Gs
|
||||
KN81ir8VC/+8TKCLEPtqc05eGKjOGdhMFO4inNQ0dufwO+NojLKjY6LBk7lfZqS5
|
||||
2QLWrxCRP+Lh95BzsKvDM3jS1bRVIJS+bFV6Sl33OUD57pCpQL5MD50bneFj4/yq
|
||||
77qk05FrjwKBgAEB2ZerXVB6k6ZMbsCqud0XLPdKtwaJSL7wjTdWuV+v8s6O7cd+
|
||||
UGHlOb31Ed6FgELlVnpVVXT0m0sexf0P8NXqbKKZTjkMRfG2RdemQtxAy1TdoZQu
|
||||
ZpUGGTKeE4mVqvhgIyiK3pt2Aphf1K6eA6pSUkfv2KIDPEB0E/rkHjbJAoGBAIG2
|
||||
JDPEPECMdwnu5FdFPxN94WKit04V0BybfktKq8TbLhqdSphnhdTe/UP764BQ7F7B
|
||||
zZMWYdQzLHS/YQ2UaOki/Bvhk/a9boPNnc9oY9OpGC/2vb7hrLKMLA6D22AWZ6Qu
|
||||
tTr/kYTF1JP6/YQGMJwKP88vpYs4XhPST3Dh1A5RAoGBAMXjBqaV1+hWsNmbvbH3
|
||||
CrHXum1IQBXRCuhvc6yb4SnC8NSnyrBJC92W44IUmMURZuDY8R7creVTmzwVqWWR
|
||||
adzcLrZOblcwi0ooW0D8nEZbORobPGGsCjYyvC9M4TQRZS7kWmux5UDWeAa9jORM
|
||||
1fygOOLhWpOjH7z1NYMjOXgl
|
||||
-----END PRIVATE KEY-----
|
|
@ -1,20 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDRjCCAi4CCQCTQgbVwTy7RjANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJV
|
||||
UzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UECgwUT3Bl
|
||||
blN0YWNrIEZvdW5kYXRpb24xFDASBgNVBAMMC2Zpbmdlcmd3LWNhMB4XDTIxMDUz
|
||||
MDAwMzQ1MFoXDTMxMDUyODAwMzQ1MFowZzELMAkGA1UEBhMCVVMxDjAMBgNVBAgM
|
||||
BVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3Vu
|
||||
ZGF0aW9uMRgwFgYDVQQDDA9maW5nZXJndy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEB
|
||||
AQUAA4IBDwAwggEKAoIBAQCq3XOVvoXw7TShJeqnJCoc6GoQppYMYcx9hmOs0P/B
|
||||
346fEVPuHi4LZEVOZ/31tXJUA71LYBYJjhpG1Rk2foJnBaQbpbaFUqrpAWnfPaHI
|
||||
ES8Tmty3tdMoDputC7vCXDX6Dq4g9RkttRir8wPQTkiJ3N9WlnDN4G/4VxqgiGYv
|
||||
n4eK5R1DUd3fy8nL9Df8l5J/1FuMCLasYJxYu6Q0dIyaqu2gQxvL4BU0pUhtG1Lg
|
||||
zk6hMl5l5/jIlBDPt+tNNMDMnhtDORhipPwUfAXbu9jTeSOb912CYArGubhxq3Q6
|
||||
/wabhm9fU/ZnmOvcZ0AMI1I3a8AJ6J9563EBb+DBQcsbAgMBAAEwDQYJKoZIhvcN
|
||||
AQELBQADggEBAJR0VngrPAMNdbSbVIT5AazqKIlmiEeDjatVhOZWBme9tN7VsKiS
|
||||
1xnX70dbgyX2pii+xKF4QCzvizz/byDdO9Ckf7hZYR+D1j9qosu0XNdNb0Pcrddh
|
||||
cSvWk9W5lryzPFs8SDPoVQ4UpdOTYDYBQB0BTtw1w/i8GAy1AobTqzaezmfcTApw
|
||||
ySnCvqSiLWffKZYaqynw67Lk/tLG6H8kO7bSn9uZzvzvu0X1/E5nSaLu5GltPo5q
|
||||
eiuj1nUm8m0IgU5VJhT3BsoV3M4A4Gj6yqvFZFIoSudpnfYG0NiXGamWR5K7Qg7c
|
||||
KbW3b+1ihkhGFq2wyrZczI5TdALqjndTJXs=
|
||||
-----END CERTIFICATE-----
|
|
@ -157,8 +157,8 @@ class TestStreamingBase(tests.base.AnsibleZuulTestCase):
|
|||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.check_hostname = False
|
||||
context.load_cert_chain(
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/client.pem'),
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/client.key'))
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/fingergw.pem'),
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/fingergw.key'))
|
||||
context.load_verify_locations(
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/root-ca.pem'))
|
||||
s = context.wrap_socket(s)
|
||||
|
@ -189,18 +189,12 @@ class TestStreamingBase(tests.base.AnsibleZuulTestCase):
|
|||
|
||||
if self.fingergw_use_ssl:
|
||||
self.log.info('SSL enabled for fingergw')
|
||||
config.set('fingergw', 'server_ssl_ca',
|
||||
config.set('fingergw', 'tls_ca',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/root-ca.pem'))
|
||||
config.set('fingergw', 'server_ssl_cert',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/server.pem'))
|
||||
config.set('fingergw', 'server_ssl_key',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/server.key'))
|
||||
config.set('fingergw', 'client_ssl_ca',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/root-ca.pem'))
|
||||
config.set('fingergw', 'client_ssl_cert',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/client.pem'))
|
||||
config.set('fingergw', 'client_ssl_key',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/client.key'))
|
||||
config.set('fingergw', 'tls_cert',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/fingergw.pem'))
|
||||
config.set('fingergw', 'tls_key',
|
||||
os.path.join(FIXTURE_DIR, 'fingergw/fingergw.key'))
|
||||
|
||||
gateway = FingerGateway(
|
||||
config,
|
||||
|
|
|
@ -56,10 +56,9 @@ class RequestHandler(streamer_utils.BaseFingerRequestHandler):
|
|||
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.check_hostname = False
|
||||
context.load_cert_chain(self.fingergw.finger_client_ssl_cert,
|
||||
self.fingergw.finger_client_ssl_key)
|
||||
context.load_verify_locations(
|
||||
self.fingergw.finger_client_ssl_ca)
|
||||
context.load_cert_chain(self.fingergw.tls_cert,
|
||||
self.fingergw.tls_key)
|
||||
context.load_verify_locations(self.fingergw.tls_ca)
|
||||
s = context.wrap_socket(s, server_hostname=server)
|
||||
|
||||
# timeout only on the connection, let recv() wait forever
|
||||
|
@ -168,21 +167,16 @@ class FingerGateway(object):
|
|||
self.command_socket_path = command_socket
|
||||
self.command_socket = None
|
||||
|
||||
# Fingergw server ssl settings
|
||||
self.finger_server_ssl_key = get_default(
|
||||
config, 'fingergw', 'server_ssl_key')
|
||||
self.finger_server_ssl_cert = get_default(
|
||||
config, 'fingergw', 'server_ssl_cert')
|
||||
self.finger_server_ssl_ca = get_default(
|
||||
config, 'fingergw', 'server_ssl_ca')
|
||||
|
||||
# Fingergw client ssl settings
|
||||
self.finger_client_ssl_key = get_default(
|
||||
config, 'fingergw', 'client_ssl_key')
|
||||
self.finger_client_ssl_cert = get_default(
|
||||
config, 'fingergw', 'client_ssl_cert')
|
||||
self.finger_client_ssl_ca = get_default(
|
||||
config, 'fingergw', 'client_ssl_ca')
|
||||
self.tls_key = get_default(config, 'fingergw', 'tls_key')
|
||||
self.tls_cert = get_default(config, 'fingergw', 'tls_cert')
|
||||
self.tls_ca = get_default(config, 'fingergw', 'tls_ca')
|
||||
client_only = get_default(config, 'fingergw', 'tls_client_only',
|
||||
default=False)
|
||||
if (all([self.tls_key, self.tls_cert, self.tls_ca])
|
||||
and not client_only):
|
||||
self.tls_listen = True
|
||||
else:
|
||||
self.tls_listen = False
|
||||
|
||||
self.command_map = dict(
|
||||
stop=self.stop,
|
||||
|
@ -200,8 +194,7 @@ class FingerGateway(object):
|
|||
if self.zone is not None:
|
||||
self.component_info.zone = self.zone
|
||||
self.component_info.public_port = self.public_port
|
||||
if all([self.finger_server_ssl_key,
|
||||
self.finger_server_ssl_cert, self.finger_server_ssl_ca]):
|
||||
if self.tls_listen:
|
||||
self.component_info.use_ssl = True
|
||||
self.component_info.register()
|
||||
|
||||
|
@ -232,14 +225,21 @@ class FingerGateway(object):
|
|||
self.gear_ssl_ca,
|
||||
client_id='Zuul Finger Gateway')
|
||||
|
||||
kwargs = dict(
|
||||
user=self.user,
|
||||
pid_file=self.pid_file,
|
||||
)
|
||||
if self.tls_listen:
|
||||
kwargs.update(dict(
|
||||
server_ssl_ca=self.tls_ca,
|
||||
server_ssl_cert=self.tls_cert,
|
||||
server_ssl_key=self.tls_key,
|
||||
))
|
||||
|
||||
self.server = streamer_utils.CustomThreadingTCPServer(
|
||||
self.address,
|
||||
functools.partial(self.handler_class, fingergw=self),
|
||||
server_ssl_ca=self.finger_server_ssl_ca,
|
||||
server_ssl_cert=self.finger_server_ssl_cert,
|
||||
server_ssl_key=self.finger_server_ssl_key,
|
||||
user=self.user,
|
||||
pid_file=self.pid_file)
|
||||
**kwargs)
|
||||
|
||||
# Update port that we really use if we configured a port of 0
|
||||
if self.public_port == 0:
|
||||
|
|
|
@ -198,8 +198,8 @@ class LogStreamer(object):
|
|||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
context.check_hostname = False
|
||||
context.load_cert_chain(
|
||||
self.zuulweb.finger_ssl_cert, self.zuulweb.finger_ssl_key)
|
||||
context.load_verify_locations(self.zuulweb.finger_ssl_ca)
|
||||
self.zuulweb.finger_tls_cert, self.zuulweb.finger_tls_key)
|
||||
context.load_verify_locations(self.zuulweb.finger_tls_ca)
|
||||
self.finger_socket = context.wrap_socket(
|
||||
self.finger_socket, server_hostname=server)
|
||||
|
||||
|
@ -1300,12 +1300,12 @@ class ZuulWeb(object):
|
|||
'norepl': self.stop_repl,
|
||||
}
|
||||
|
||||
self.finger_ssl_key = get_default(
|
||||
self.config, 'fingergw', 'client_ssl_key')
|
||||
self.finger_ssl_cert = get_default(
|
||||
self.config, 'fingergw', 'client_ssl_cert')
|
||||
self.finger_ssl_ca = get_default(
|
||||
self.config, 'fingergw', 'client_ssl_ca')
|
||||
self.finger_tls_key = get_default(
|
||||
self.config, 'fingergw', 'tls_key')
|
||||
self.finger_tls_cert = get_default(
|
||||
self.config, 'fingergw', 'tls_cert')
|
||||
self.finger_tls_ca = get_default(
|
||||
self.config, 'fingergw', 'tls_ca')
|
||||
|
||||
route_map = cherrypy.dispatch.RoutesDispatcher()
|
||||
api = ZuulWebAPI(self)
|
||||
|
|
Loading…
Reference in New Issue