Reviewed: https://review.openstack.org/168540 Committed: https://git.openstack.org/cgit/openstack/glance_store/commit/?id=91636e8b85de680ea1347b60b1c2a27022c0f26f Submitter: Jenkins Branch: master commit 91636e8b85de680ea1347b60b1c2a27022c0f26f Author: Ian Cordasco <ian.cordasco at rackspace.com> Date: Fri Mar 27 21:18:42 2015 -0500 Switch VMWare Datastore to use Requests Previously the VMWare Datastore was using HTTPS Connections from httplib which do not verify the connection. Switching to requests allows the store to perform proper connection level verification for a secure connection. By switching to using requests, we will get several benefits: 1. Certificate verification when using HTTPS 2. Connection pooling when following redirects 3. Help handling redirects 4. Help with Chunked Encoding Partial-bug: 1436082 Co-authored-by: Sabari Kumar Murugesan <smurugesan at vmware.com> Change-Id: I8ff20b2f6bd0e05cd50e44a60ec89fd54f87e1b4 -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1436082 Title: VMWare and HTTP stores do not verify HTTPS Connections as they use httplib.HTTPSConnection Status in glance_store: In Progress Status in OpenStack Security Notes: Fix Released Bug description: VMWare store: https://github.com/openstack/glance_store/blob/ea88e503b617a7ac9a0ae7e537d6517e9992a104/glance_store/_drivers/vmware_datastore.py#L501 (_get_conn_class above uses simply httplib.HTTPSConnection). HTTP Store: https://github.com/openstack/glance_store/blob/master/glance_store/_drivers/http.py#L179 This leaves both stores open to man-in-the-middle attacks while transferring image data. To manage notifications about this bug go to: https://bugs.launchpad.net/glance-store/+bug/1436082/+subscriptions