yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1184554] Re: check ssl configuration before answering requests

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Mon, 29 Jul 2013 07:43:54 -0000
Reply-to: Bug 1184554 <1184554@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1184554

Title:
  check ssl configuration before answering requests

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  If you have a typo in glance-api.conf regarding the location of the
  key_file in ssl options, the glance-api will crash when the first
  request is handled:

  ---
  2013-05-27 11:34:49.267 4941 TRACE glance   File "/usr/lib64/python2.6/ssl.py", line 118, in __init__
  2013-05-27 11:34:49.267 4941 TRACE glance     cert_reqs, ssl_version, ca_certs)
  2013-05-27 11:34:49.267 4941 TRACE glance SSLError: [Errno 336265218] _ssl.c:339: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
  ---

  The availability of the configured certs and keyfiles should be
  checked while initializing the api server. Failing with an error when
  the first request is handled is a littlebit late, I think.

  You could force the error by simpling passing an incorrect path in
  key_file in the api.configuration, e.g:

  key_file = 7etc/glance/ssl/p...

  instead of

  key_file = /etc/glance/ssl/p...

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1184554/+subscriptions