DVS driver does not verify vCenter certificate

Bug #1487962 reported by Eric Brown on 2015-08-24
This bug affects 1 person
Affects: vmware-nsx
Importance: Undecided
Assigned to: Eric Brown

Bug Description

The DVS driver does not validate certificates of the vCenter it connects to. The oslo.vmware module already provides a convenience function to allow this and DVS should make use of it.

Because the driver does not validate the cert, it's possible for it to be vulnerable to a man-in-the-middle attack.

Eric Brown (ericwb) on 2015-08-24
Changed in vmware-nsx:
assignee: nobody → Eric Brown (ericwb)

Fix proposed to branch: master
Review: https://review.openstack.org/216098

Changed in vmware-nsx:
status: New → In Progress

Reviewed: https://review.openstack.org/216098
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=e7c30d1fdf55e3edd2a310f8050544e56cf81e85
Submitter: Jenkins
Branch: master

commit e7c30d1fdf55e3edd2a310f8050544e56cf81e85
Author: Eric Brown <email address hidden>
Date: Sun Aug 23 22:36:11 2015 -0700

    DVS: Verify certificate on vCenter connections

    The DVS driver was not validating the vCenter certificate. This
    patch utilizes the function already available in oslo.vmware to
    verify certs.

    DocImpact:
    This introduces two config options: cafile and insecure.

    Change-Id: I3162437f219946e0acfa63ff0ae35f36a7e3bba7
    Closes-Bug: #1487962

Changed in vmware-nsx:
status: In Progress → Fix Committed
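
How the two options named in the commit message (cafile and insecure) could map onto TLS verification settings, shown as an added example built on Python's standard ssl module; it is not the vmware-nsx or oslo.vmware code. The function names, the rule that cafile takes precedence over insecure, and the fail-closed handling of a missing file are assumptions made for this illustration.

```python
import os
import ssl


def build_tls_context(cafile=None, insecure=False):
    """Map the two options onto an ssl.SSLContext for the vCenter connection.

    Assumed precedence for this example: an explicit CA file wins over
    insecure, so configuring a CA bundle never leaves verification off.
    """
    if cafile:
        # Fail closed: a mistyped path must not degrade to "no verification".
        if not os.path.isfile(cafile):
            raise ValueError("cafile %r does not exist" % cafile)
        # Only this CA bundle is trusted; the system store is not loaded.
        return ssl.create_default_context(cafile=cafile)
    if insecure:
        # The behaviour the bug describes: any certificate, presented for
        # any host name, is accepted, which leaves room for interception.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    # Neither option set: verify against the system trust store.
    return ssl.create_default_context()


def describe(ctx):
    """Summarise what a context will actually check during the handshake."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    # Compare the default (verifying) context with the insecure one.
    for opts in ({}, {"insecure": True}):
        print(opts, describe(build_tls_context(**opts)))
```
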

Reviewed: https://review.openstack.org/217845
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=f4a031fd0256b5090abd2d5ec43c583f251fc334
Submitter: Jenkins
Branch: stable/kilo

commit f4a031fd0256b5090abd2d5ec43c583f251fc334
Author: Eric Brown <email address hidden>
Date: Sun Aug 23 22:36:11 2015 -0700

    DVS: Verify certificate on vCenter connections

    The DVS driver was not validating the vCenter certificate. This
    patch utilizes the function already available in oslo.vmware to
    verify certs.

    DocImpact:
    This introduces two config options: cafile and insecure.

    Change-Id: I3162437f219946e0acfa63ff0ae35f36a7e3bba7
    Closes-Bug: #1487962

tags: added: in-stable-kilo
Adit Sarfaty (asarfaty) on 2020-07-29
Changed in vmware-nsx:
status: Fix Committed → Fix Released