[Openstack-security] [openstack/nova] SecurityImpact review request change If3f88d8db4a726219573d0f1b65908408e3aa6a9
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Sat Dec 6 22:01:06 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/139672
Log:
commit 5e0680bc68d3165d738b02758821375b82a250ca
Author: Matthew Gilliard <matthew.gilliard at hp.com>
Date: Fri Dec 5 16:14:52 2014 +0000
WIP: Adds ssl_overrides for client configurations
We want to have a consistent way to apply ssl config to the various http(s)
clients the nova creates.
Following an ML discussion[1], this is a POC for the approach which has each
client using the global options in CONF.ssl.* with with optional local
overrides. These are DictOpts in each client's config section, for example:
[ssl]
ca_file = /etc/ssl/ca_file
[glance]
ssl_overrides = {ca_file:/etc/ssl/glance_ca_file}
The keys which can be overriden are: ca_file, key_file, cert_file.
SecurityImpact: SSL config of Nova's Glance client
DocImpact: New configuration option as described
Change-Id: If3f88d8db4a726219573d0f1b65908408e3aa6a9
More information about the Openstack-security
mailing list