yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1373993] [NEW] Trusted Filter uses unsafe SSL connection

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Dague <sean@xxxxxxxxx>
Date: Thu, 25 Sep 2014 15:06:01 -0000
Reply-to: Bug 1373993 <1373993@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

HTTPSClientAuthConnection uses httplib.HTTPSConnection objects. In
Python 2.x those do not perform CA checks so client connections are
vulnerable to MiM attacks.

This should be changed to use the requests lib.

** Affects: nova
     Importance: Critical
         Status: Triaged


** Tags: scheduler

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1373993

Title:
  Trusted Filter uses unsafe SSL connection

Status in OpenStack Compute (Nova):
  Triaged

Bug description:
  HTTPSClientAuthConnection uses httplib.HTTPSConnection objects. In
  Python 2.x those do not perform CA checks so client connections are
  vulnerable to MiM attacks.

  This should be changed to use the requests lib.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1373993/+subscriptions

Follow ups

[Bug 1373993] Re: Trusted Filter uses unsafe SSL connection
From: Alan Pevec, 2015-03-13
[Bug 1373993] Re: Trusted Filter uses unsafe SSL connection
From: Alan Pevec, 2015-03-12
[Bug 1373993] Re: Trusted Filter uses unsafe SSL connection
From: Thierry Carrez, 2014-10-07
[Bug 1373993] [NEW] Trusted Filter uses unsafe SSL connection
From: Sean Dague, 2014-09-25

References

[Bug 1373993] [NEW] Trusted Filter uses unsafe SSL connection
From: Sean Dague, 2014-09-25