OpenStack Image Registry and Delivery Service (Glance)

Glance client should verify server cert by default

Reported by Stuart McLaren on 2012-02-09
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Undecided
Stuart McLaren

Bug Description

Changed in glance:
assignee: nobody → Stuart McLaren (stuart-mclaren)

Fix proposed to branch: master
Review: https://review.openstack.org/3971

Changed in glance:
status: New → In Progress

Reviewed: https://review.openstack.org/3971
Committed: http://github.com/openstack/glance/commit/0f0fe2ba1b772e6964241c0631683b306fff23c0
Submitter: Jenkins
Branch: master

commit 0f0fe2ba1b772e6964241c0631683b306fff23c0
Author: Stuart McLaren <email address hidden>
Date: Thu Feb 9 18:10:42 2012 +0000

    New -k/--insecure command line option

    Fix for bug 929591.

    Change glance to require server certificate validation
    by default when using https. The standard system
    CA file will be used if available (and an alternative was not
    provided).

    The --insecure option can be used by clients to skip server
    certificate validation if appropriate.

    * This change will impact Nova clients accessing glance over https.
      If the standard CA file is not suitable they will need to provide
      a CA file or else create an 'insecure' glance client.
    * Accesses to a https registry server must now perform server
      certificate validation.
    * If the package which provides the standard
      system CA file is installed then that file will be used by default.
      It probably makes sense for the glance package to have a
      dependency on whichever package provides the default CA bundle.
      (In Ubuntu this is 'ca-certificates')

    Change-Id: I7c83361ba0881559ec77d4baf10dfeb5b8e32185

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2012-02-29
Changed in glance:
milestone: none → essex-4
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in glance:
milestone: essex-4 → 2012.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers