Bug 1041919

Summary: [RFE][keystone]: Permit NSS as alternative crypto provider
Product: Red Hat OpenStack
Reporter: RHOS Integration <rhos-integ>
Component: RFEs
Assignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM
QA Contact:
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: unspecified
CC: markmc, yeylon
Target Milestone: ---
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
URL: https://blueprints.launchpad.net/keystone/+spec/allow-nss-for-crypto
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_obsolete
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-19 17:13:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description RHOS Integration 2013-12-12 20:04:35 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/allow-nss-for-crypto.

Description:

A variety of crypto providers are available; OpenSSL is the hard-coded crypto provider in OpenStack at the moment. Some organizations prefer an alternate crypto provider, i.e. NSS (Network Security Services). This blueprint lays out a mechanism to select a crypto provider via configuration, re-factor the code to permit alternate crypto providers, maintain OpenSSL as the default crypto provider, implement NSS as an alternative, and finally move to in-process crypto library calls as opposed to forking sub-processes to perform crypto operations.

Specification URL (additional information):

https://wiki.openstack.org/wiki/AllowNSSForCrypto