OpenStack Compute (nova)

do away with PROTOCOL_SSLv3

Bug #1432441 reported by ToniMueller on 2015-03-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Low	Unassigned	OpenStack Compute (nova) 2015.1.0 "kilo"
Nominated for Juno by Ian Cordasco
	oslo-incubator	Fix Released	Low	Liyingjun	oslo-incubator 2015.1.0 "kilo"

Bug Description

In Debian Testing, Python 2.7 does no longer include the symbols PROTOCOL_SSLv2 and PROTOCOL_SSLv3. The attached patch fixes this against Nova trunk.

Unrelated: The following command, run from /opt/stack in a devstack environment, did not yield any call to the function validate_ssl_version(), which is the only user of the affected data structure:

find . -name '*.py' -type f |xargs grep -nF validate_ssl_version

The nova version, according to the PKG-INFO file, is 2015.1.dev70.

Revision history for this message

ToniMueller (support-oeko) wrote on 2015-03-15:

disarm old SSL protocol imports, and import new symbols Edit (750 bytes, text/plain)

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2015-03-16:

@ToniMueller, we need to fix the code in oslo-incubator first. you are right a quick scan does not show any users of
validate_ssl_version so we need to remove the entire _SSL_PROTOCOLS variable and references from sslutils in oslo-incubator first and then cleanup the copy in nova.

Changed in nova:
status:	New → Confirmed
Changed in oslo-incubator:
status:	New → Confirmed
Changed in nova:
importance:	Undecided → Low
Changed in oslo-incubator:
importance:	Undecided → Low

Liyingjun (liyingjun) on 2015-03-17

Changed in oslo-incubator:
assignee:	nobody → Liyingjun (liyingjun)

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2015-03-20:

Fixed in oslo-incubator - Change-Id: I0d1d52bd9558a21af2d6bd439884cba26fafcc8b
Also fixed in nova - Change-Id: Id1d7250b5cff142d54004f604e6c2ae04709958b

Changed in nova:
status:	Confirmed → Fix Committed
Changed in oslo-incubator:
status:	Confirmed → Fix Committed

Thierry Carrez (ttx) on 2015-03-20

Changed in nova:
milestone:	none → kilo-3
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-20: Fix proposed to nova (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/166305

Thierry Carrez (ttx) on 2015-04-30

Changed in oslo-incubator:
milestone:	none → 2015.1.0
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-04-30

Changed in nova:
milestone:	kilo-3 → 2015.1.0

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-05: Change abandoned on nova (stable/juno)

Change abandoned by Ian Cordasco (<email address hidden>) on branch: stable/juno
Review: https://review.openstack.org/166305

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

disarm old SSL protocol imports, and import new symbols Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.