[Openstack-security] [openstack/keystone] SecurityImpact review request change Ie6a6620685995add56f38dc34c9a0a733558146a
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Feb 26 10:02:08 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/76476
Log:
commit 31a164ac93acfe82c9f07915b725e5608937a5a6
Author: Daniel Gollub <d.gollub at telekom.de>
Date: Wed Feb 26 06:56:13 2014 +0100
Replace httplib.HTTPSConnection in ec2_token
httplib.HTTPSConnection is known to not verify SSL certificates in Python 2.x.
Implementaiton got adapted to make use of the requests module instead.
SSL Verification is from now on enabled by default.
Can be disabled via an addiitonal introduced configuration option:
`keystone_ec2_insecure=True`
SecurityImpact
DocImpact
Partial-Bug: 1188189
Change-Id: Ie6a6620685995add56f38dc34c9a0a733558146a
More information about the Openstack-security
mailing list