Comment 61 for bug 1490804

Brant Knudson (blk-u) wrote : Re: PKI Token Revocation Bypass

I attached the changes to have keystone include audit_ids in the revocation list and to have auth_token middleware validate by audit ID. These are WIP since there need to be unit tests and I need to make sure that multiple audit IDs are handled correctly. I tried it with devstack and it worked for me.

I'd prefer to do the reviews in gerrit, and I don't think that the reviews for these changes need to be done as patches in this bug. I don't think anyone would figure out the security problem by looking at the code changes, and the commit message doesn't have to mention it. So I propose that I'll push the patches to gerrit if there aren't any objections.