[Openstack-security] [openstack/cinder] SecurityImpact review request change I4799c2c5376fb54e5ebbdc4f9b6a1c526e7b8a8b

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Sat Mar 1 09:23:48 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/77346

Log:
commit d1e9ab6615e080c2595087b8cd464cae68904a39
Author: Daniel Gollub <d.gollub at telekom.de>
Date:   Sat Feb 22 21:37:59 2014 +0100

    Replace HTTPSConnection in zadara driver
    
    Replace HTTPSConnection in zadara driver with Requests.
    
    SSL Verification is from now on enabled by default.
    
    This changes the default behaviour and is the primary intention of this
    change: verify SSL certificates.
    
    This might break existing configuration/setups where the SSL certificate
    used by the SAN would not pass the verification.
    
    Old behaviour can be force by using `san_ssl_insecure=True`.
    
    SecurityImpact
    DocImpact
    Partial-Bug: 1188189
    
    Change-Id: I4799c2c5376fb54e5ebbdc4f9b6a1c526e7b8a8b





More information about the Openstack-security mailing list