[Openstack-security] [openstack/nova] SecurityImpact review request change If3f88d8db4a726219573d0f1b65908408e3aa6a9

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Wed Dec 17 14:01:13 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/139672

Log:
commit 63d392e1e90115c7b07cd8ae76259f2ac151041e
Author: Matthew Gilliard <matthew.gilliard at hp.com>
Date:   Fri Dec 5 16:14:52 2014 +0000

    WIP: Adds ssl_overrides for client configurations
    
    We want to have a consistent way to apply ssl config to the various http(s)
    clients the nova creates.
    
    Following an ML discussion[1], this is a POC for the approach which has each
    client using the global options in CONF.ssl.* with optional local overrides.
    These are DictOpts in each client's config section, for example:
    
        [ssl]
        ca_file = /etc/ssl/ca_file
    
        [glance]
        ssl_overrides = {ca_file:/etc/ssl/glance_ca_file}
    
    The keys which can be overriden are: ca_file, key_file, cert_file.
    
    [1] http://lists.openstack.org/pipermail/openstack-dev/2014-December/052175.html
    
    SecurityImpact: SSL config of Nova's Glance client
    DocImpact: New configuration option as described
    
    Change-Id: If3f88d8db4a726219573d0f1b65908408e3aa6a9





More information about the Openstack-security mailing list