Open Stack

Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/115484

Log:
commit d997f86253cb234594220968b5aa0217582bf34c
Author: Solly Ross <sross at redhat.com>
Date:   Tue Aug 19 19:21:52 2014 -0400

    Add VeNCrypt (TLS/x509) Security Proxy Driver
    
    This adds support for using x509/TLS security
    between the compute node and websocket proxy when
    using websockify to proxy VNC traffic.
    
    In order to use this with x509, an operator would
    have to set up client keys and certificates, as
    well as CA certificates, and configure libvirt
    to pass the appropriate options to QEmu (this
    is configured globally for libvirt, not by Nova).
    This process is documented on the libvirt
    website.
    
    Then, the operator would enable this driver and
    set the following options in /etc/nova/nova.conf:
    
       [console_proxy_tls]
       client_key = /path/to/client/keyfile
       client_cert = /path/to/client/cert.pem
       ca_certs = /path/to/ca/cert.pem
    
    SecurityImpact
    DocImpact
    Implements bp: websocket-proxy-to-host-security
    
    Change-Id: I64859ad01120782fb17308aac3abb125597c3ea2