security checklist: validate_enables_tls fails even though TLS is enabled
Bug #1851610 reported by
Frode Nordahl
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Neutron API Charm |
Confirmed
|
High
|
Unassigned | ||
Bug Description
While the source of this may be the specifics of the upstream security guide I think we should have the check pass based on the API actually enables TLS or not and not based on the value of a specific configuration option.
Our charms configure Neutron as a WSGI service hosted by Apache, and TLS is configured in Apache.
The Neutron ``use_ssl`` configuration option is thus redundant and not a valid check for whether TLS is in use or not.
| Changed in charm-neutron-api: | |
| status: | New → Triaged |
| importance: | Undecided → High |
Revision history for this message
| Linda Guo (lihuiguo) wrote | #1 |
| Changed in charm-neutron-api: | |
| assignee: | nobody → Linda Guo (lihuiguo) |
| status: | Triaged → In Progress |
| Changed in charm-neutron-api: | |
| assignee: | Linda Guo (lihuiguo) → nobody |
| status: | In Progress → Confirmed |
To post a comment you must log in.
Fix proposed:
Check 'ssl' module is enabled or not in apache.
https:/