OpenKMIP / PyKMIP

86%

master: 23%

LAST BUILD ON BRANCH feat/add-client-cert-auth

branch: feat/add-client-cert-auth

CHANGE BRANCH

x

Reset

• feat/add-client-cert-auth
• bug/fix-binary-operator-line-break
• bug/fix-client-open-error-handling
• bug/fix-client-shutdown-error
• bug/fix-conf-policy-path
• bug/fix-cred-assumption-in-server
• bug/fix-datetime-str-test
• bug/fix-early-close
• bug/fix-factory-support-for-object-type
• bug/fix-integration-test-enums
• bug/fix-pep8-whitespace
• bug/fix-server-config-override
• bug/fix-server-failure-on-bad-cert
• bug/fix-table-increments
• bug/fix-textstring-write-value
• dev/add-cryptographic-engine-api
• dev/add-cryptography-engine
• dev/add-kmip-engine
• dev/db-migration
• dev/pykmip-server
• dev/store
• feat/add-activate-to-server
• feat/add-attribute-policy
• feat/add-auth-suites
• feat/add-bandit-to-travis
• feat/add-codecov-support
• feat/add-cryptography-engine
• feat/add-get-attributes-payloads
• feat/add-get-attributes-to-server
• feat/add-kmip-1-2-enums
• feat/add-kmip-engine-create
• feat/add-kmip-engine-create-key-pair
• feat/add-kmip-engine-destroy
• feat/add-kmip-engine-get
• feat/add-kmip-engine-register
• feat/add-kmip-server
• feat/add-kmip-session
• feat/add-object-ownership
• feat/add-operation-policies
• feat/add-operation-policy-loading
• feat/add-opp-policy-name-to-client
• feat/add-server-script
• feat/add-state-attribute
• feat/add-state-enumerations
• feat/add-travis-and-coveralls
• feat/enforce-server-opp-policy
• feat/link-server-logs
• feat/link-session-engine
• feat/sqlalchemy-asymmetric
• feat/sqlalchemy-cert
• feat/sqlalchemy-key
• feat/sqlalchemy-secret
• feat/sqlalchemy-secretdata
• feat/update-app-specific-info
• feat/update-attribute
• feat/update-enums-to-1.2
• feat/update-payload-factories
• feat/update-readme
• feat/use-file-based-backend
• maint/add-bandit-to-default-tox
• maint/add-examples-dir
• maint/add-py26-deprecation-warning
• maint/add-server-deprecate
• maint/add-server-logging
• maint/add-support-for-python3.5
• maint/fix-bandit-error
• maint/remove-library-logging
• maint/remove-old-certs
• maint/update-gitignore
• master
• release-0.4.1
• release-0.5.0
• v0.4.1
• v0.5.0
• ver/prep-release-0-4-1
• ver/prep-release-0-5-0

Build # 333

Build Type

push

travis-ci

Committed by PeterHamilton

Commit Message

Adding session extraction of client identity from certificates

This change updates the KmipSession, allowing it to extract client
identity from the client certificate of a TLS connection. The
certificate subject common name is used as the client identity if
the certificate has client authentication set in the extended key
usage extension.

This change breaks backwards compatibility. If a client certificate
does not define a client identity, the session will reject it and
shutdown the connection. Any client certificates used to connect
with the software server in the past will need to be replaced with
certificates that define a suitable client identity.

Run Details

23 of 23 new or added lines in 1 file covered. (100.0%)

6741 of 7823 relevant lines covered (86.17%)

3.44 hits per line