yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1257566] Re: EC2 and S3 token middleware create insecure connections

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Grant Murphy <gmurphy@xxxxxxxxxx>
Date: Wed, 04 Dec 2013 06:34:42 -0000
Reply-to: Bug 1257566 <1257566@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: ossa
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1257566

Title:
  EC2 and S3 token middleware create insecure connections

Status in OpenStack Identity (Keystone):
  New
Status in OpenStack Security Advisories:
  New

Bug description:
  EC2 and S3 token middleware are similar to auth_token_middleware
  receiving and authenticating ec2/s3 tokens. They both still use the
  httplib method of connecting to keystone and so doesn't validate any
  SSL certificates.

  On top of this they appears to be completely untested.

  They are not enabled by keystone's default pipeline and are thus most
  likely not used at all and should be either deprecated or moved into
  keystoneclient.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1257566/+subscriptions

References

[Bug 1257566] [NEW] EC2 and S3 token middleware create insecure connections
From: Jamie Lennox, 2013-12-04