← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1257566] [NEW] EC2 and S3 token middleware create insecure connections

 

Public bug reported:

EC2 and S3 token middleware are similar to auth_token_middleware
receiving and authenticating ec2/s3 tokens. They both still use the
httplib method of connecting to keystone and so doesn't validate any SSL
certificates.

On top of this they appears to be completely untested.

They are not enabled by keystone's default pipeline and are thus most
likely not used at all and should be either deprecated or moved into
keystoneclient.

** Affects: keystone
     Importance: Undecided
         Status: New

** Summary changed:

- EC2 and S3 token middleware uses httplib and is untested
+ EC2 and S3 token middleware create insecure connections

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1257566

Title:
  EC2 and S3 token middleware create insecure connections

Status in OpenStack Identity (Keystone):
  New

Bug description:
  EC2 and S3 token middleware are similar to auth_token_middleware
  receiving and authenticating ec2/s3 tokens. They both still use the
  httplib method of connecting to keystone and so doesn't validate any
  SSL certificates.

  On top of this they appears to be completely untested.

  They are not enabled by keystone's default pipeline and are thus most
  likely not used at all and should be either deprecated or moved into
  keystoneclient.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1257566/+subscriptions


Follow ups

References