[openstack-dev] [OSSG] OpenStack Security Group Task List

Bryan D. Payne bdpayne at acm.org
Fri Oct 26 18:20:18 UTC 2012


> Is the first bullet related to this
> http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf?
>
> The Most Dangerous Code in the World:
> Validating SSL Certificates in Non-Browser Software

Sort of.  There are some much more basic problems with the clients
right now (actually with the Python API in general).  Things like not
allowing the use of a user-provided root certification chain, and not
validating that the cert coming from the cloud side is valid based on
your certificate chain.  However, this is a good paper and could
provide some guidance on how to do this stuff correctly.

Another useful resource is:

https://www.isecpartners.com/storage/files/everything-you-wanted-to-know-about-openssl.pdf

Cheers,
-bryan
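
The two gaps named in the message above (no way to supply your own root certificate chain, and no validation of the server certificate against it) look like this in Python's standard `ssl` module. This is an added example, not part of the original post and not code from any OpenStack client; the function names `insecure_context`, `verified_context` and `audit` are hypothetical.

```python
import ssl


def insecure_context():
    """The failure mode: the peer certificate is accepted without any checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be turned off first, otherwise setting
    # CERT_NONE raises ValueError.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile=None, capath=None):
    """Validate the server against a user-provided CA bundle, or the
    system trust store when none is given.

    A bundle that cannot be loaded raises (OSError or ssl.SSLError)
    instead of silently falling back to weaker trust.
    """
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile or capath:
        # Trust only the roots the user supplied (e.g. a private cloud CA).
        ctx.load_verify_locations(cafile=cafile, capath=capath)
    else:
        ctx.load_default_certs()
    return ctx


def audit(ctx):
    """Return a list of validation gaps in an SSLContext (empty if none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()),
                      ("verified", verified_context())):
        print(name, audit(ctx) or "ok")
```

The context returned by `verified_context` is used with `ctx.wrap_socket(sock, server_hostname=host)`; the handshake then fails with `ssl.SSLCertVerificationError` when the chain or hostname does not check out.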


