[Openstack-security] [openstack/nova] SecurityImpact review request change I0b8e6319a4cc39876b1e396ef705f0fc5def1e44

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Wed Nov 26 02:50:23 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/127203

Log:
commit c5faec699739898fd36d89c91f13ecda775dcb24
Author: Sylvain Bauza <sbauza at redhat.com>
Date:   Mon Sep 29 13:33:50 2014 +0200

    Fix unsafe SSL connection on TrustedFilter
    
    TrustedFilter was using httplib which doesn't check for CAs.
    Here the change is using Requests and verifies local CAs by default (or another
    one if provided)
    This effort is related to CVE 2013-2255.
    SecurityImpact
    
    ReleaseNote
    This patch adds an option attestation_insecure_ssl in TrustedFilter which can be
    used to verify CAs. By default the value is True and SSL cert verification is disabled
    to ensure there is no compatibility issue with prior release.
    
    Closes-Bug: #1373993
    (cherry picked from commit 30871e8702737edbbfbcbbb5f21858873b37685c)
    
    Conflicts:
    	nova/tests/scheduler/test_host_filters.py
    
    Change-Id: I0b8e6319a4cc39876b1e396ef705f0fc5def1e44
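
The release note above leaves certificate verification off unless the operator changes attestation_insecure_ssl. The following is an added example, not code from the patch or from nova: a small audit of a nova.conf fragment that reports the value a Requests call would receive as verify= and why. The [trusted_computing] section name, the attestation_server_ca_file option, the sample host and path, and the function name are assumptions made for illustration.

```python
import configparser

# Constructed nova.conf fragments. The [trusted_computing] section and the
# attestation_server_ca_file option are assumptions, not taken from the message.
DEFAULT_CONF = """
[trusted_computing]
attestation_server = attest.example.test
"""
HARDENED_CONF = """
[trusted_computing]
attestation_server = attest.example.test
attestation_insecure_ssl = False
attestation_server_ca_file = /etc/nova/attestation-ca.pem
"""

def audit_attestation_tls(conf_text, section="trusted_computing"):
    """Return (verify, findings): the value a Requests call would receive as
    verify= under this config, and any reasons the connection is unverified."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.has_section(section):
        return None, ["no [%s] section found" % section]
    findings = []
    explicit = cp.has_option(section, "attestation_insecure_ssl")
    # Release note: the option defaults to True, i.e. verification disabled.
    insecure = cp.getboolean(section, "attestation_insecure_ssl", fallback=True)
    ca_file = cp.get(section, "attestation_server_ca_file", fallback="").strip()
    if insecure:
        how = "explicitly" if explicit else "unset, default"
        findings.append("attestation_insecure_ssl is %s True: certificate "
                        "verification is off" % how)
        if ca_file:
            findings.append("CA file %s is configured but unused while "
                            "insecure" % ca_file)
        return False, findings
    # Verification on: a CA bundle path if given, otherwise the local CAs.
    return (ca_file or True), findings

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        verify, findings = audit_attestation_tls(text)
        print(name, "verify =", repr(verify))
        for finding in findings:
            print("  FINDING:", finding)
```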




