[Openstack-security] [Bug 1516703] Change abandoned on nova (master)
OpenStack Infra
1516703 at bugs.launchpad.net
Thu Aug 25 13:30:35 UTC 2016
Change abandoned by Michael Still (mikal at stillhq.com) on branch: master
Review: https://review.openstack.org/246217
Reason: This patch is quite old, so I am abandoning it to keep the review queue manageable. Feel free to restore the change if you're still interested in working on it.
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1516703
Title:
crypto.py generates certs with SHA-1 digest
Status in OpenStack Compute (nova):
In Progress
Bug description:
nova/crypto.py:generate_winrm_x509_cert() generates certs with default
SHA-1 digest.
The call to 'openssl req' does not specify -digest option nor
certificate config file sets digest, so certificates are generated
with SHA-1 digest. SHA-1 is not considered to be a secure algorithm
for certificates' digest.
It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1516703/+subscriptions
More information about the Openstack-security
mailing list