Cinder

Qnap driver using HTTPSConnection

Bug #1658766 reported by Nicholas Jones on 2017-01-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	Fix Released	High	Ibad Khan

Bug Description

Bug filed to track drivers individually.

HTTPSConnection does not validate server certificates and should be avoided.

In cinder/cinder/volume/drivers/qnap.py

    812 if hasattr(ssl, '_create_unverified_context'):
    813 context = ssl._create_unverified_context()
    814 connection = http_client.HTTPSConnection(management_ip,
    815 port=management_port,
    816 context=context)
    817 else:
    818 connection = http_client.HTTPSConnection(management_ip,
    819 port=management_port)
    ...
    845 if self.ssl:
    846 if hasattr(ssl, '_create_unverified_context'):
    847 context = ssl._create_unverified_context()
    848 connection = http_client.HTTPSConnection(nas_ip,
    849 port=self.port,
    850 context=context)
    851 else:
    852 connection = http_client.HTTPSConnection(
    853 nas_ip, port=self.port)

See:
https://bugs.launchpad.net/cinder/+bug/1188189
https://wiki.openstack.org/wiki/OSSN/OSSN-0033

Tags:

Xing Yang (xing-yang) on 2017-01-23

Changed in cinder:
status:	New → Confirmed
importance:	Undecided → High

Revision history for this message

Xing Yang (xing-yang) wrote on 2017-01-23:

Hi Pony,

Can you please take a look of this issue in the Qnap driver? Thanks.

Changed in cinder:
assignee:	nobody → Pony Chou (ponychou)

Pony Chou (ponychou) on 2017-01-24

Changed in cinder:
status:	Confirmed → In Progress

Matt Smith (mss-4) on 2017-05-11

tags:

added: drivers qnap

Revision history for this message

Jay Bryant (jsbryant) wrote on 2017-05-22:

Pony, this hasn't been touched January. Can you please set back to new if you aren't going to push up a patch for this?

Thanks!

Eric Harney (eharney) on 2017-11-29

Changed in cinder:
status:	In Progress → New

Ibad Khan (ik-ibadkhan) on 2018-01-25

Changed in cinder:
assignee:	Pony Chou (ponychou) → Ibad Khan (ik-ibadkhan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-01-26: Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/538237

Changed in cinder:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-21: Fix merged to cinder (master)

Reviewed: https://review.openstack.org/538237
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=431b4284bf12dfd8f97af95a9b96356105e08404
Submitter: Zuul
Branch: master

commit 431b4284bf12dfd8f97af95a9b96356105e08404
Author: Ibadulla Khan <email address hidden>
Date: Fri Jan 26 19:08:35 2018 +0530

QNAP Drivers - Move from httplib to requests

Use driver_ssl_cert_verify under backend section to
enable or disable SSL verfication.

NOTE: IPv6 isn't supported by QNAP driver.

    Change-Id: Iba886fd0bd401052a444eb7a4427607e693d7c81
    Closes-Bug: 1658766
    Partial-Bug: 1188189

Changed in cinder:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-04-19: Fix included in openstack/cinder 13.0.0.0b1

This issue was fixed in the openstack/cinder 13.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.