[Openstack-security] [Bug 1375857] Re: It's not possibile to pass the cacert to the swift store

OpenStack Infra 1375857 at bugs.launchpad.net
Wed Jan 7 23:03:49 UTC 2015 

Reviewed:  https://review.openstack.org/125338
Committed: https://git.openstack.org/cgit/openstack/glance_store/commit/?id=6b2cdbf4e608e38a6471093c77e5dd5792ab8532
Submitter: Jenkins
Branch:    master

commit 6b2cdbf4e608e38a6471093c77e5dd5792ab8532
Author: Andrea Rosa <andrea.rosa at hp.com>
Date:   Wed Oct 1 13:10:47 2014 +0100

    Define a new parameter to pass CA cert file
    
    This change adds a new parameter for the swift store driver that allows
    to speficy the name of the CA cert file to use in the SSL connections for
    verifying certificates. This parameter is passed to the swiftclient in
    the creation of the connection. The parameter is called "swift_store_cacert".
    This change corresponds to change
    I4cbfae3c1ac84d6c85875d34a58dd2a87ae85d6f in glance.
    
    Change-Id: I5b356170ec82d033204e22f79c862201400a0a31
    Closes-bug: 1375857
    DocImpact


** Changed in: glance
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1375857

Title:
  It's not possibile to pass the cacert to the swift store

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Committed
Status in OpenStack Glance backend store-drivers library (glance_store):
  In Progress

Bug description:
  The swift store device defined in the glance store doesn't allow to pass the ca cert file. When the driver creates a connection via the swift client it is not possible to pass that value. 
  That means that if we have swift running on TLS in some cases we have to set the insecure option equals to True as the client can't correctly complete the handshake as it fails on the verification of the cert.

  The fix I'd like to propose is to add a new parameter to define the ca
  cert file and pass this value when we create the connection via the
  swift client.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1375857/+subscriptions

More information about the Openstack-security mailing list