Internal TLS: Use specific CA file for haproxy
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 26 Apr 2017 09:36:10 +0000 (12:36 +0300)
committer Juan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 3 May 2017 09:46:14 +0000 (12:46 +0300)
commit 82ff1acf035d277dd2e7b9d7fc6e060ab2415144
tree d8a799b2d00e610b14649e0f074838428684dba0
parent e5b3b671eb82abeb8f4bae9bbf7df1d923439656
Internal TLS: Use specific CA file for haproxy

Instead of using the CA bundle, this sets HAProxy to use a specific file
for validating the certificates of the services it's proxying. This
helps in two ways:

* Improves performance since validation will check only one certificate.
* Improves security since only the certificates signed by one CA
  are valid, instead of any certificate that the system trusts (which
  could include potentially compromised public certs).

Change-Id: Id6de045b3c93c82d37e0b0657c17a3108516016a
puppet/services/haproxy.yaml
releasenotes/notes/Add-Internal-TLS-CA-File-parameter-c24ee13daaa11dfc.yaml [new file with mode: 0644]
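
Added example, not part of this commit or of the project's code: a small audit that reads an HAProxy configuration and flags TLS backends whose `ca-file` is a system trust bundle rather than a specific CA, or whose verification is switched off. The bundle path list and the sample configuration are assumptions constructed for illustration; `ssl`, `verify` and `ca-file` are HAProxy's own server keywords.

```python
import shlex

# Distribution trust bundles to flag (assumed list; extend for your platform).
SYSTEM_BUNDLES = {
    "/etc/pki/tls/certs/ca-bundle.crt",
    "/etc/ssl/certs/ca-certificates.crt",
}
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def _opts(tokens):
    out = {}
    for i, tok in enumerate(tokens):
        if tok == "ssl":
            out["ssl"] = True
        elif tok in ("verify", "ca-file") and i + 1 < len(tokens):
            out[tok] = tokens[i + 1]
    return out

def audit_backend_tls(cfg_text):
    """Return (line_no, server_name, issue) for weak backend TLS settings."""
    findings, defaults = [], {}
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            defaults = {}  # simplification: defaults-section values not carried over
        elif tokens[0] == "default-server":
            defaults.update(_opts(tokens[1:]))
        elif tokens[0] == "server" and len(tokens) >= 3:
            eff = {**defaults, **_opts(tokens[3:])}
            if not eff.get("ssl"):
                continue  # plaintext backend, out of scope for this check
            if eff.get("verify") == "none":
                findings.append((no, tokens[1], "verify-none"))
            elif "ca-file" not in eff:
                findings.append((no, tokens[1], "no-ca-file"))
            elif eff["ca-file"] in SYSTEM_BUNDLES:
                findings.append((no, tokens[1], "system-bundle"))
    return findings

# Constructed sample configuration; names, addresses and paths are made up.
SAMPLE = """\
backend keystone
    server ctl0 192.0.2.10:5000 check ssl verify required ca-file /etc/ipa/ca.crt
    server ctl1 192.0.2.11:5000 check ssl verify required ca-file /etc/pki/tls/certs/ca-bundle.crt
backend glance
    default-server ssl verify none
    server ctl0 192.0.2.10:9292 check
"""
```

Calling `audit_backend_tls(SAMPLE)` reports the second keystone server for trusting the system bundle and the glance server for inheriting `verify none` from its `default-server` line.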