[Openstack-security] [openstack/keystone] SecurityImpact review request change Ie6a6620685995add56f38dc34c9a0a733558146a

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Thu Feb 27 21:58:24 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/76476

Log:
commit ef3e98ef161eb43b1e3bdab2e402404b747047df
Author: Daniel Gollub <d.gollub at telekom.de>
Date:   Wed Feb 26 06:56:13 2014 +0100

    Replace httplib.HTTPSConnection in ec2_token
    
    httplib.HTTPSConnection is known to not verify SSL certificates in Python 2.x.
    Implementation got adapted to make use of the requests module instead.
    
    SSL Verification is from now on enabled by default.
    
    Can be disabled via an additional introduced configuration option:
    
    `keystone_ec2_insecure=True`
    
    SecurityImpact
    DocImpact
    Partial-Bug: 1188189
    
    Change-Id: Ie6a6620685995add56f38dc34c9a0a733558146a





More information about the Openstack-security mailing list