Comment 2 for bug 929591
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to glance (master) | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Reviewed: https:/
Committed: http://
Submitter: Jenkins
Branch: master
commit 0f0fe2ba1b772e6
Author: Stuart McLaren <email address hidden>
Date: Thu Feb 9 18:10:42 2012 +0000
New -k/--insecure command line option
Fix for bug 929591.
Change glance to require server certificate validation
by default when using https. The standard system
CA file will be used if available (and an alternative was not
provided).
The --insecure option can be used by clients to skip server
certificate validation if appropriate.
* This change will impact Nova clients accessing glance over https.
If the standard CA file is not suitable they will need to provide
a CA file or else create an 'insecure' glance client.
* Accesses to a https registry server must now perform server
certificate validation.
* If the package which provides the standard
system CA file is installed then that file will be used by default.
It probably makes sense for the glance package to have a
dependency on whichever package provides the default CA bundle.
(In Ubuntu this is 'ca-certificates')
Change-Id: I7c83361ba08815