[Openstack-security] [openstack/nova] SecurityImpact review request change If3f88d8db4a726219573d0f1b65908408e3aa6a9
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Dec 17 14:01:42 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/139672
Log:
commit 4bde0cbdf961bbbab8a056a9cf4c57ed8733f551
Author: Matthew Gilliard <matthew.gilliard at hp.com>
Date: Fri Dec 5 16:14:52 2014 +0000
Adds ssl_overrides for client configurations
We want to have a consistent way to apply ssl config to the various http(s)
clients the nova creates.
Following an ML discussion[1], this is a POC for the approach which has each
client using the global options in CONF.ssl.* with optional local overrides.
These are DictOpts in each client's config section, for example:
[ssl]
ca_file = /etc/ssl/ca_file
[glance]
ssl_overrides = {ca_file:/etc/ssl/glance_ca_file}
The keys which can be overriden are: ca_file, key_file, cert_file.
[1] http://lists.openstack.org/pipermail/openstack-dev/2014-December/052175.html
SecurityImpact: SSL config of Nova's Glance client
DocImpact: New configuration option as described
Change-Id: If3f88d8db4a726219573d0f1b65908408e3aa6a9
More information about the Openstack-security
mailing list