[openstack-dev] [Swift] python-swiftclient, verifying SSL certs by default

Chmouel Boudjnah chmouel at enovance.com
Wed Dec 4 15:04:38 UTC 2013


Hello,

There has been a lengthy discussion going on for quite sometime on a review
for swiftclient here :

https://review.openstack.org/#/c/33473/

The review change the way works swiftclient to refuse to connect to
insecure (i.e: self signed) SSL swift proxies unless you are specifying the
--insecure flag to the CLI.

This change the default behavior of the client but that's for the greater
good of a better security.

We are getting this merged now and want to make sure that people are aware
of it first.

We would probably bump the version of swiftclient to 2.0 since this is a
big change.

This would allow to close this CVE:
https://bugs.launchpad.net/bugs/cve/2013-6396 and give ability to
distributors for providing updates.

I'll announce it on -users and -operators after this is merged.

Chmouel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131204/fdb4eb8e/attachment.html>


More information about the OpenStack-dev mailing list