Ubuntu

Must check certificates for validity

Reported by Gustavo Niemeyer on 2011-05-12
Affects | Importance | Assigned to
pyjuju | High | Clint Byrum
txAWS | Medium | Thomas Herve
juju (Ubuntu) | High | Clint Byrum
juju (Ubuntu Precise) | High | Clint Byrum
txaws (Ubuntu) | High | Clint Byrum
txaws (Ubuntu Precise) | High | Clint Byrum

Bug Description

txAWS is currently not checking the SSL certificates for validity with this logic:

            contextFactory = ssl.ClientContextFactory()
            reactor.connectSSL(host, port, self.client, contextFactory)

This will accept self-signed certificates, which can be easily forged.
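
One way to locate this pattern across a code base, as an added example that is not part of the original report or of txAWS: a small `ast`-based check that flags `connectSSL` calls handed a bare `ClientContextFactory()`. Both sample sources are constructed; the hardened one assumes Twisted's `optionsForClientTLS`, which is not necessarily what the txAWS fix used.

```python
import ast

# Constructed sample: the two lines quoted in the report, wrapped in a
# function so they parse as a module. The source is parsed, never executed.
VULNERABLE = '''
from twisted.internet import reactor, ssl

def connect(self, host, port):
    contextFactory = ssl.ClientContextFactory()
    reactor.connectSSL(host, port, self.client, contextFactory)
'''

# Constructed sample (assumption): the same call with a verifying factory.
HARDENED = '''
from twisted.internet import reactor, ssl

def connect(self, host, port):
    contextFactory = ssl.optionsForClientTLS(host)
    reactor.connectSSL(host, port, self.client, contextFactory)
'''

def _callee(node):
    """Trailing name of a call target: ssl.Foo() and Foo() both give 'Foo'."""
    if isinstance(node, ast.Call):
        func = node.func
        return getattr(func, "attr", None) or getattr(func, "id", None)
    return None

def find_unverified_tls(source):
    """Return line numbers of connectSSL calls given a bare ClientContextFactory."""
    tree = ast.parse(source)
    # Names bound to ClientContextFactory(); module-wide, not scope-aware.
    bare = {target.id
            for node in ast.walk(tree) if isinstance(node, ast.Assign)
            and _callee(node.value) == "ClientContextFactory"
            for target in node.targets if isinstance(target, ast.Name)}
    hits = []
    for node in ast.walk(tree):
        if _callee(node) != "connectSSL":
            continue
        # contextFactory is the fourth positional argument, or a keyword.
        candidates = node.args[3:4] + [
            kw.value for kw in node.keywords if kw.arg == "contextFactory"]
        if any(_callee(arg) == "ClientContextFactory"
               or (isinstance(arg, ast.Name) and arg.id in bare)
               for arg in candidates):
            hits.append(node.lineno)
    return sorted(hits)
```

Subclasses of `ClientContextFactory` that add their own verification are not recognised by this check and would need a separate rule.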

Thomas Herve (therve) on 2011-11-28
Changed in txaws:
importance: Undecided → Medium
assignee: nobody → Thomas Herve (therve)
milestone: none → 0.3
Thomas Herve (therve) on 2011-11-29
Changed in txaws:
status: New → In Progress
Thomas Herve (therve) on 2011-12-01
Changed in txaws:
status: In Progress → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Once this lands in a release, juju should be updated to make use of it.

Changed in juju:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Clint Byrum (clint-fewbar)
Changed in txaws (Ubuntu Precise):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Clint Byrum (clint-fewbar)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package txaws - 0.2-0ubuntu10

---------------
txaws (0.2-0ubuntu10) precise; urgency=low

  * d/patches/add-ssl-cert-verification.patch: Cherry pick patch from
    upstream to enable SSL certificate verification. (LP: #781949)
 -- Clint Byrum <email address hidden> Wed, 28 Mar 2012 02:39:34 -0700

Changed in txaws (Ubuntu Precise):
status: In Progress → Fix Released
Changed in juju:
milestone: none → florence
Changed in juju (Ubuntu Precise):
status: New → In Progress
assignee: nobody → Clint Byrum (clint-fewbar)
importance: Undecided → High
milestone: none → ubuntu-12.04
Changed in juju:
status: In Progress → Fix Released
Changed in txaws:
status: Fix Committed → Fix Released
Clint Byrum (clint-fewbar) wrote :

The EC2 provider verifies all certs now if ssl-hostname-verification: true is in the environment configuration.

Changed in juju (Ubuntu Precise):
status: In Progress → Fix Released
Changed in juju (Ubuntu):
status: In Progress → Fix Released