security checklist: validate_enables_tls fails even though TLS is enabled
Bug #1851610 reported by Frode Nordahl
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Neutron API Charm | Confirmed | High | Unassigned | |
Bug Description
While the source of this may be the specifics of the upstream security guide, I think we should have the check pass based on whether the API actually enables TLS or not, and not based on the value of a specific configuration option.
Our charms configure Neutron as a WSGI service hosted by Apache, and TLS is configured in Apache.
The Neutron ``use_ssl`` configuration option is thus redundant and not a valid check for whether TLS is in use or not.
Changed in charm-neutron-api:
status: New → Triaged
importance: Undecided → High
Changed in charm-neutron-api:
assignee: Linda Guo (lihuiguo) → nobody
status: In Progress → Confirmed
Fix proposed:
Check whether the 'ssl' module is enabled or not in Apache.
https://review.opendev.org/c/openstack/charm-neutron-api/+/766883
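To illustrate the difference the report describes, the following added example (not the charm's code and not the change under review) contrasts a check that reads only `use_ssl` with one that looks at whether Apache terminates TLS. The Debian/Ubuntu Apache paths, the `SSLEngine on` test, the function names and the sample vhost are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed Debian/Ubuntu Apache layout; not taken from the charm.
MODS_ENABLED = "etc/apache2/mods-enabled"
SITES_ENABLED = "etc/apache2/sites-enabled"
SSL_ENGINE_ON = re.compile(r"^\s*SSLEngine\s+on\b", re.IGNORECASE | re.MULTILINE)


def option_based_check(neutron_conf: str) -> bool:
    """The failing style of check: trusts only neutron.conf's use_ssl value."""
    m = re.search(r"^\s*use_ssl\s*=\s*(\S+)", neutron_conf, re.MULTILINE)
    return bool(m) and m.group(1).lower() == "true"


def apache_terminates_tls(root: Path) -> bool:
    """Pass when mod_ssl is enabled and some enabled vhost turns SSLEngine on."""
    sites = root / SITES_ENABLED
    if not (root / MODS_ENABLED / "ssl.load").exists() or not sites.is_dir():
        return False
    for conf in sorted(sites.glob("*.conf")):
        # Drop comment lines so a commented-out directive does not count.
        active = "\n".join(
            line for line in conf.read_text().splitlines()
            if not line.lstrip().startswith("#")
        )
        if SSL_ENGINE_ON.search(active):
            return True
    return False


def build_sample_tree(root: Path, ssl_module: bool, engine_line: str) -> Path:
    """Constructed sample filesystem for the demonstration (hypothetical names)."""
    (root / MODS_ENABLED).mkdir(parents=True, exist_ok=True)
    (root / SITES_ENABLED).mkdir(parents=True, exist_ok=True)
    if ssl_module:
        (root / MODS_ENABLED / "ssl.load").write_text("LoadModule ssl_module x\n")
    vhost = f"<VirtualHost *:9696>\n    {engine_line}\n</VirtualHost>\n"
    (root / SITES_ENABLED / "example_frontend.conf").write_text(vhost)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp), True, "SSLEngine on")
        # Same deployment, two verdicts: the option is unset, Apache serves TLS.
        print("use_ssl check:", option_based_check("[DEFAULT]\nuse_ssl = False\n"))
        print("apache check: ", apache_terminates_tls(root))
```

A static configuration check like this still only shows intent; a TLS handshake against the listening API endpoint is the stronger confirmation.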