2019-02-11 10:50:43 |
Dimitri John Ledkov |
bug |
|
|
added bug |
2019-02-11 10:50:54 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Cosmic |
|
2019-02-11 10:50:54 |
Dimitri John Ledkov |
bug task added |
|
python-boto (Ubuntu Cosmic) |
|
2019-02-11 10:50:54 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Bionic |
|
2019-02-11 10:50:54 |
Dimitri John Ledkov |
bug task added |
|
python-boto (Ubuntu Bionic) |
|
2019-02-11 10:51:01 |
Dimitri John Ledkov |
python-boto (Ubuntu): status |
New |
Fix Released |
|
2019-02-11 10:51:03 |
Dimitri John Ledkov |
python-boto (Ubuntu Bionic): status |
New |
In Progress |
|
2019-02-11 10:51:05 |
Dimitri John Ledkov |
python-boto (Ubuntu Cosmic): status |
New |
In Progress |
|
2019-02-11 10:53:10 |
Dimitri John Ledkov |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909545 |
|
2019-02-11 10:53:10 |
Dimitri John Ledkov |
bug task added |
|
python-boto (Debian) |
|
2019-02-11 10:56:31 |
Dimitri John Ledkov |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-02-11 11:36:53 |
Bug Watch Updater |
python-boto (Debian): status |
Unknown |
Fix Released |
|
2019-02-11 15:31:06 |
Dimitri John Ledkov |
description |
[Impact]
* OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity.
[Test Case]
* use python-boto to connect to an SNI tls protected host
[Regression Potential]
* change is compatible with pythons/openssl versions shipped in bionic/cosmic-release
* change is from upstream / tested in debian & disco
* change improves security, and is compatible with deployed servers out there
* hosts with certificates not matching their actual hostname will remain invalid/untrusted |
[Impact]
* OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity.
[Test Case]
* use python-boto to connect to an SNI tls protected host
[Regression Potential]
* change is compatible with pythons/openssl versions shipped in bionic/cosmic-release
* change is from upstream / tested in debian & disco
* change improves security, and is compatible with deployed servers out there
* hosts with certificates not matching their actual hostname will remain invalid/untrusted
[Additional info]
To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification.
sudo add-apt-repository ppa:ci-train-ppa-service/3473
sudo apt-get update |
|
2019-02-11 18:17:06 |
Łukasz Zemczak |
python-boto (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
2019-02-11 18:17:08 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2019-02-11 18:17:10 |
Łukasz Zemczak |
tags |
|
verification-needed verification-needed-cosmic |
|
2019-02-11 18:20:46 |
Łukasz Zemczak |
python-boto (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2019-02-11 18:20:50 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-cosmic |
verification-needed verification-needed-bionic verification-needed-cosmic |
|
2019-02-12 10:23:52 |
Dimitri John Ledkov |
tags |
verification-needed verification-needed-bionic verification-needed-cosmic |
verification-done-cosmic verification-needed verification-needed-bionic |
|
2019-02-12 10:56:00 |
Dimitri John Ledkov |
tags |
verification-done-cosmic verification-needed verification-needed-bionic |
verification-done verification-done-bionic verification-done-cosmic |
|
2019-02-12 10:56:25 |
Dimitri John Ledkov |
description |
[Impact]
* OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity.
[Test Case]
* use python-boto to connect to an SNI tls protected host
[Regression Potential]
* change is compatible with pythons/openssl versions shipped in bionic/cosmic-release
* change is from upstream / tested in debian & disco
* change improves security, and is compatible with deployed servers out there
* hosts with certificates not matching their actual hostname will remain invalid/untrusted
[Additional info]
To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification.
sudo add-apt-repository ppa:ci-train-ppa-service/3473
sudo apt-get update |
[Impact]
* OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity.
[Test Case]
* use python-boto to connect to an SNI tls protected host, e.g. GCE google storage using legacy .boto
[Regression Potential]
* change is compatible with pythons/openssl versions shipped in bionic/cosmic-release
* change is from upstream / tested in debian & disco
* change improves security, and is compatible with deployed servers out there
* hosts with certificates not matching their actual hostname will remain invalid/untrusted
[Additional info]
To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification.
sudo add-apt-repository ppa:ci-train-ppa-service/3473
sudo apt-get update |
|
2019-02-12 13:36:16 |
Francis Ginther |
tags |
verification-done verification-done-bionic verification-done-cosmic |
id-5c6154852a93b980fb9074b2 verification-done verification-done-bionic verification-done-cosmic |
|
2019-02-25 11:14:48 |
Launchpad Janitor |
python-boto (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
2019-02-25 11:14:51 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-02-25 11:20:48 |
Launchpad Janitor |
python-boto (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|