b3e84aafc0
Keystone server no longer supports PKI/PKIZ. This change removes keystonemiddleware's support of PKI/PKIZ and associated code. Change-Id: I9a6639a2aa3774be61972d57f38220f66fd5c0e8 closes-bug: #1649735 partial-bug: #1736985
22 lines
989 B
YAML
22 lines
989 B
YAML
---
|
|
fixes:
|
|
- >
|
|
[`bug 1649735 <https://bugs.launchpad.net/keystone/+bug/1649735>`_]
|
|
The auth_token middleware no longer attempts to retrieve the revocation
|
|
list from the Keystone server. The deprecated options
|
|
`revocations_cache_time` and `check_revocations_for_cached` have been
|
|
removed.
|
|
|
|
Keystone no longer issues PKI/PKIZ tokens and now keystonemiddleware's
|
|
Support for PKI/PKIZ and associated offline validation has been removed.
|
|
This includes the deprecated config options `signing_dir`, and
|
|
`hash_algorithms`.
|
|
|
|
upgrade:
|
|
- >
|
|
[`bug 1649735 <https://bugs.launchpad.net/keystone/+bug/1649735>`_]
|
|
Keystonemiddleware no longer supports PKI/PKIZ tokens, all
|
|
associated offline validation has been removed. The configuration
|
|
options `signing_dir`, and `hash_algorithms` have been removed, if
|
|
they still exist in your configuration(s), they are now safe to remove.
|
|
Please consider utilizing the newer fernet or JWS token formats. |