[Openstack-security] [Bug 1188189] Fix merged to cinder (master)
Author: Ibadulla Khan <ik.ibadkhan at gmail.com>
Date: Fri Jan 26 19:08:35 2018 +0530
QNAP Drivers - Move from httplib to requests
Use driver_ssl_cert_verify under backend section to
enable or disable SSL verification.
NOTE: IPv6 isn't supported by QNAP driver.
Some server-side 'SSL' communication fails to check certificates (use
Status in Cinder:
Status in OpenStack Identity (keystone):
Status in neutron:
Status in oslo.vmware:
Status in OpenStack Security Advisory:
Status in OpenStack Security Notes:
Status in python-keystoneclient:
Status in OpenStack Object Storage (swift):
Grant Murphy from Red Hat reported usage of httplib.HTTPSConnection
objects. In Python 2.x those do not perform CA checks so client
connections are vulnerable to MiM attacks.
The following files use httplib.HTTPSConnection :
AFAICT HTTPSConnection does not validate server certificates and
should be avoided. This is fixed in Python 3, however in 2.X no
validation occurs. I suspect this is also applicable to most OpenStack
modules that make HTTPS client calls.
Similar problems were found in ovirt:
With solutions for ovirt:
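
Added example, not part of the original notification and not code from Cinder or any other OpenStack project: a small static check that lists call sites of the kind the report describes, so they can be reviewed. It flags HTTPSConnection(...) calls that pass no SSL context (the report says these perform no CA checks on Python 2.x) and calls that hard-code verify=False instead of reading a setting such as driver_ssl_cert_verify. The sample source and the function names are constructed for illustration; Python 3.8 or later is assumed.

```python
import ast

# Constructed sample source, not taken from any OpenStack tree.
SAMPLE = '''
import httplib
import ssl
import requests

def old_style(host):
    return httplib.HTTPSConnection(host, 443)

def with_context(host):
    ctx = ssl.create_default_context()
    return httplib.HTTPSConnection(host, 443, context=ctx)

def no_verify(url):
    return requests.get(url, verify=False)

def configurable(url, conf):
    return requests.get(url, verify=conf.driver_ssl_cert_verify)
'''

def _call_name(func):
    """Return the rightmost name of a call target: a.b.C(...) -> 'C'."""
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None

def find_unverified_tls(source, filename="<sample>"):
    """Return sorted (line, reason) pairs for calls that need a TLS review."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        # Relies on interpreter defaults for certificate checking.
        if _call_name(node.func) == "HTTPSConnection" and "context" not in kwargs:
            findings.append((node.lineno, "HTTPSConnection without an SSL context"))
        # Verification switched off in code rather than through configuration.
        verify = kwargs.get("verify")
        if isinstance(verify, ast.Constant) and verify.value is False:
            findings.append((node.lineno, "verify=False hard-coded"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_unverified_tls(SAMPLE):
        print("<sample>:%d: %s" % (line, reason))
```

The check is syntactic only: it does not follow aliases or wrapper functions, so a clean result still needs a manual look at any custom HTTP helpers.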