[Openstack-security] [openstack/nova] SecurityImpact review request change I64859ad01120782fb17308aac3abb125597c3ea2

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Tue Dec 16 15:51:27 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/115484

Log:
commit f0bfa976af53c01c9e2517956f3c2bd1f2a5d6a8
Author: Solly Ross <sross at redhat.com>
Date:   Tue Aug 19 19:21:52 2014 -0400

    Add VeNCrypt (TLS/x509) Security Proxy Driver
    
    This adds support for using x509/TLS security
    between the compute node and websocket proxy when
    using websockify to proxy VNC traffic.
    
    In order to use this with x509, an operator would
    have to set up client keys and certificates, as
    well as CA certificates, and configure libvirt
    to pass the appropriate options to QEmu (this
    is configured globally for libvirt, not by Nova).
    This process is documented on the libvirt
    website.
    
    Then, the operator would enable this driver and
    set the following options in /etc/nova/nova.conf:
    
       [console_proxy_tls]
       client_key = /path/to/client/keyfile
       client_cert = /path/to/client/cert.pem
       ca_certs = /path/to/ca/cert.pem
    
    SecurityImpact
    DocImpact
    Implements bp: websocket-proxy-to-host-security
    
    Change-Id: I64859ad01120782fb17308aac3abb125597c3ea2
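
A pre-flight check for the three [console_proxy_tls] options named in the commit message, as an added example that is not part of the patch or of Nova. The function name and the file-permission policy (private key closed to group and other, certificates not writable by them) are assumptions made for this illustration.

```python
import configparser
import os
import stat

SECTION = "console_proxy_tls"
# Option names as given in the commit message.
REQUIRED = ("client_key", "client_cert", "ca_certs")


def check_console_proxy_tls(conf_text):
    """Return a list of problems found in the [console_proxy_tls] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    if not parser.has_section(SECTION):
        return ["section [%s] is missing" % SECTION]
    problems = []
    for opt in REQUIRED:
        path = parser.get(SECTION, opt, fallback="").strip()
        if not path:
            problems.append("%s is not set" % opt)
            continue
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append("%s: cannot stat %s: %s" % (opt, path, exc.strerror))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            problems.append("%s: %s is not a regular file" % (opt, path))
        # Assumed policy: the private key is readable by its owner only.
        elif opt == "client_key" and mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("client_key: %s has mode %04o, expected 0600 or stricter"
                            % (path, mode))
        # Assumed policy: nobody but the owner may replace a cert or the CA bundle.
        elif opt != "client_key" and mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("%s: %s is writable by group or other (mode %04o)"
                            % (opt, path, mode))
    return problems


if __name__ == "__main__":
    # Constructed sample using the placeholder paths from the commit message.
    sample = """[console_proxy_tls]
client_key = /path/to/client/keyfile
client_cert = /path/to/client/cert.pem
ca_certs = /path/to/ca/cert.pem
"""
    for problem in check_console_proxy_tls(sample):
        print(problem)
```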




