Drivers not verifying certs by default (solidfire/tegile/tintri)

Bug #1635210 reported by Paul Bourke on 2016-10-20
This bug affects 1 person

Bug Description

Currently the drivers referenced have hardcoded verify=False when making HTTP requests. This is bad from a security standpoint. At this point I'm unsure if there's a reason for the default being false, or if it's simply an oversight.

tags: added: drivers solidfire tegile tintri
Changed in cinder:
importance: Undecided → Low
Rohan Arora (ra271w) wrote :

Any update on this? I was looking at Bandit issues and it is complaining about this as well. Wondering if this is because some drivers are really only being used internally and thus aren't using certificates or something along those lines?

Rohan Arora (ra271w) on 2017-01-25
tags: added: coprhd nexenta nimble
Changed in cinder:
assignee: nobody → NidhiMittalHada (nidhimittal19)

Unassigning due to no activity for > 6 months.

Changed in cinder:
assignee: NidhiMittalHada (nidhimittal19) → nobody
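
A check for the pattern this report describes, as an added example that is not part of the bug thread or of Cinder's code: it walks a Python source file's AST and reports every literal `verify=False`, whether passed as a call keyword or assigned to a `.verify` attribute. The `FakeArrayClient` class and its parameter names are constructed for illustration.

```python
import ast

# Constructed sample resembling a storage driver's REST helper (not Cinder code).
SAMPLE_DRIVER = '''
import requests

class FakeArrayClient(object):
    def __init__(self, url, verify_cert=True, ca_path=None):
        self.url = url
        self.verify = ca_path if (verify_cert and ca_path) else verify_cert

    def get_bad(self, path):
        return requests.get(self.url + path, verify=False)

    def post_bad(self, path, body):
        session = requests.Session()
        session.verify = False
        return session.post(self.url + path, json=body)

    def get_good(self, path):
        return requests.get(self.url + path, verify=self.verify)
'''


def _is_false(node):
    # Only the literal False counts; a variable or config lookup is not flagged.
    return isinstance(node, ast.Constant) and node.value is False


def find_disabled_verification(source, filename="<driver>"):
    """Return sorted (line, kind) pairs for every hardcoded verify=False."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append((node.lineno, "call keyword verify=False"))
        elif isinstance(node, ast.Assign) and _is_false(node.value):
            for target in node.targets:
                if isinstance(target, ast.Attribute) and target.attr == "verify":
                    findings.append((node.lineno, "attribute .verify = False"))
    return sorted(findings)


if __name__ == "__main__":
    for line, kind in find_disabled_verification(SAMPLE_DRIVER):
        print("line %d: %s" % (line, kind))
```

The `get_good` method is not reported because its `verify` value comes from the constructor arguments, which is the shape a fix would take: the operator chooses whether to verify and which CA bundle to trust instead of the driver deciding for them.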