[Openstack-security] [Bug 1662556] [NEW] Coprhd disabling certificate verification

Rohan Arora 1662556 at bugs.launchpad.net
Tue Feb 7 15:44:32 UTC 2017 

Public bug reported:

Coprhd is making reqeust calls with verify=False which disables SSL certificate checks in the following files:
cinder/volume/drivers/coprhd/helpers/authentication.py
cinder/volume/drivers/coprhd/helpers/commoncoprhdapi.py

As suggested in this patch set
(https://review.openstack.org/#/c/426385/), this bug is being opened in
order to either fix the checks or add comments in the driver explaining
why this is safe.

** Affects: cinder
     Importance: Undecided
         Status: New


** Tags: coprhd security

** Tags added: coprhd

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1662556

Title:
  Coprhd disabling certificate verification

Status in Cinder:
  New

Bug description:
  Coprhd is making reqeust calls with verify=False which disables SSL certificate checks in the following files:
  cinder/volume/drivers/coprhd/helpers/authentication.py
  cinder/volume/drivers/coprhd/helpers/commoncoprhdapi.py

  As suggested in this patch set
  (https://review.openstack.org/#/c/426385/), this bug is being opened
  in order to either fix the checks or add comments in the driver
  explaining why this is safe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1662556/+subscriptions

More information about the Openstack-security mailing list