[Openstack-security] [openstack/nova] SecurityImpact review request change I64859ad01120782fb17308aac3abb125597c3ea2
gerrit2 at review.openstack.org
Tue Apr 26 10:37:13 UTC 2016
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/115484
Log:
commit 63f7516fcb5173f0c8576d5f207f7621f2a1c81c
Author: Solly Ross <sross at redhat.com>
Date: Tue Aug 19 19:21:52 2014 -0400
Add VeNCrypt (TLS/x509) Security Proxy Driver

This adds support for using x509/TLS security
between the compute node and websocket proxy when
using websockify to proxy VNC traffic.

In order to use this with x509, an operator would
have to set up client keys and certificates, as
well as CA certificates, and configure libvirt
to pass the appropriate options to QEMU (this
is configured globally for libvirt, not by Nova).
This process is documented on the libvirt
website.

Then, the operator would enable this driver and
set the following options in /etc/nova/nova.conf:

    [console_proxy_tls]
    client_key = /path/to/client/keyfile
    client_cert = /path/to/client/cert.pem
    ca_certs = /path/to/ca/cert.pem

SecurityImpact
DocImpact

Implements bp: websocket-proxy-to-host-security

Change-Id: I64859ad01120782fb17308aac3abb125597c3ea2
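An operator-side preflight check for the [console_proxy_tls] options named in the commit message above. This is an added example, not code from the patch or from Nova: the function name check_console_proxy_tls is hypothetical, and the PEM-marker and key-permission checks are assumptions about what an operator would want to verify, not behaviour of the driver.

```python
import configparser
import os
import stat

SECTION = "console_proxy_tls"  # section name from the commit message
OPTIONS = ("client_key", "client_cert", "ca_certs")  # option names from the commit message


def check_console_proxy_tls(conf_path):
    """Return a list of problems found in the [console_proxy_tls] section.

    Hypothetical operator-side check; not Nova's own validation logic.
    """
    # interpolation=None: '%' in a path is literal; strict=False tolerates
    # options that are repeated in the file.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(conf_path)
    if not parser.has_section(SECTION):
        return ["missing section [%s]" % SECTION]

    problems = []
    for opt in OPTIONS:
        path = parser.get(SECTION, opt, fallback="").strip()
        if not path:
            problems.append("%s is not set" % opt)
            continue
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError as exc:
            problems.append("%s: cannot read %s (%s)" % (opt, path, exc.strerror))
            continue
        # Assumption: keys and certificates are stored PEM-encoded.
        if b"-----BEGIN " not in data:
            problems.append("%s: %s does not look like PEM" % (opt, path))
        # Assumption: the private key should carry no group/other permission bits.
        if opt == "client_key":
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append(
                    "client_key: %s has mode %o; expected 0600 or stricter"
                    % (path, mode)
                )
    return problems
```

An empty list means all three options are set and point at readable files; the check does not confirm that the key matches the certificate or that the certificate chains to the CA.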