[Openstack-security] [Bug 1662558] [NEW] Nexenta disabling certificate verification

Rohan Arora 1662558 at bugs.launchpad.net
Tue Feb 7 15:46:48 UTC 2017 

Public bug reported:

Nexenta is making reqeust calls with verify=False which disables SSL certificate checks in the following file:
cinder/volume/drivers/nexenta/ns5/jsonrpc.py

As suggested in this patch set
(https://review.openstack.org/#/c/426385/), this bug is being opened in
order to either fix the checks or add comments in the driver explaining
why this is safe.

** Affects: cinder
     Importance: Undecided
         Status: New


** Tags: nexenta security

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1662558

Title:
  Nexenta disabling certificate verification

Status in Cinder:
  New

Bug description:
  Nexenta is making reqeust calls with verify=False which disables SSL certificate checks in the following file:
  cinder/volume/drivers/nexenta/ns5/jsonrpc.py

  As suggested in this patch set
  (https://review.openstack.org/#/c/426385/), this bug is being opened
  in order to either fix the checks or add comments in the driver
  explaining why this is safe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1662558/+subscriptions

More information about the Openstack-security mailing list