| commit | 2f3563cc53a8f32c43b03d20b7219e52b1c1cf28 | [log] [tgz] |
|---|---|---|
| author | Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com> | Wed Jan 08 12:35:23 2020 +0100 |
| committer | Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com> | Wed Jan 15 15:22:24 2020 +0100 |
| tree | e0b8f81bebae3486faa063cd03ade474bcaaae9f | |
| parent | fe590c4e28e28f611162f5766681d6396d6fd59b [diff] |
Refactoring of certificates managing and storing
This commit is about third stage code refactoring proposed by Zbigniew
Kurzynski (zbigniew.kurzynski@intel.com) on the mailing list
("phosphor-certificate-manager refactoring"): "Changing the way of
managing and storing TrustStore certificates".
Following changes are being implemented:
- each certificate has its own and unique ID,
- authority certificates are kept in files with random names under
/etc/ssl/certs/authority and symlinks (based on subject name hash) are
created to satisfy OpenSSL library,
- restarting bmcweb was moved from certificate class to certs_manager
class
- certificate uniqueness is based on certificate ID and checked while
installing and replacing operation in certs_manager class.
Tested by doing installing/replacing/removing operations on certificate
storage using RedFish API.
Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: I0b02a10b940279c46ad9ee07925794262133b1b0
Certificate management allows to replace the existing certificate and private key file with another (possibly CA signed) Certificate key file. Certificate management allows the user to install both the server and client certificates.
To build this package, do the following steps:
1. ./bootstrap.sh
2. ./configure ${CONFIGURE_FLAGS}
3. make
To clean the repository run `./bootstrap.sh clean`.