vmware-nsx

NSXv driver does not verify certificates

Bug #1488265 reported by Eric Brown on 2015-08-24

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

vmware-nsx

Fix Released

Critical

Eric Brown

You need to log in to change this bug's status.

Affecting:	vmware-nsx
Filed here by:	Eric Brown
When:	2015-08-24
Confirmed:	2015-08-24
Assigned:	2015-08-24
Started work:	2015-08-24
Completed:	2020-07-29

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Critical

Assigned to

	Me
	Eric Brown (ericwb)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

The NSXv driver does not validate certificates of the NSX manager it connects to.

Because the driver does not validate the cert, its possible for it to be vulnerable to a man-in-the-middle attack.

Tags: Edit Tag help

Eric Brown (ericwb) on 2015-08-24

Changed in vmware-nsx:
assignee:	nobody → Eric Brown (ericwb)

OpenStack Infra (hudson-openstack) wrote on 2015-08-24: Fix proposed to vmware-nsx (master)

Fix proposed to branch: master
Review: https://review.openstack.org/216442

Changed in vmware-nsx:
status:	New → In Progress

Gary Kotton (garyk) on 2015-08-25

Changed in vmware-nsx:
importance:	Undecided → Critical

OpenStack Infra (hudson-openstack) wrote on 2015-08-25: Fix merged to vmware-nsx (master)

Reviewed: https://review.openstack.org/216442
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=16b564346e2d77bd0e097183ebb0e4c74a1c02c6
Submitter: Jenkins
Branch: master

commit 16b564346e2d77bd0e097183ebb0e4c74a1c02c6
Author: Eric Brown <email address hidden>
Date: Mon Aug 24 15:10:29 2015 -0700

Ensure NSXv driver can verify certificates

    The NSXv driver was missing code to do certificate verification.
    In fact, it was intentional turned off. This patch adds the
    capability to turn it on.

DocImpact:
Two new options for the NSXv driver: ca_file and insecure.

Change-Id: I12ffa2f5e80d4dd357e907631d2bcc76c13a0797
Closes-Bug: #1488265

Changed in vmware-nsx:
status:	In Progress → Fix Committed

OpenStack Infra (hudson-openstack) wrote on 2015-08-27: Fix proposed to vmware-nsx (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/217841

OpenStack Infra (hudson-openstack) wrote on 2015-08-27: Fix merged to vmware-nsx (stable/kilo)

Reviewed: https://review.openstack.org/217841
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=8b6d8f798d818fa476cf8c8aeee3f3d31a2b52fc
Submitter: Jenkins
Branch: stable/kilo

commit 8b6d8f798d818fa476cf8c8aeee3f3d31a2b52fc
Author: Eric Brown <email address hidden>
Date: Mon Aug 24 15:10:29 2015 -0700

Ensure NSXv driver can verify certificates

    The NSXv driver was missing code to do certificate verification.
    In fact, it was intentional turned off. This patch adds the
    capability to turn it on.

DocImpact:
Two new options for the NSXv driver: ca_file and insecure.

Closes-Bug: #1488265

    Conflicts:
     vmware_nsx/etc/nsx.ini
     vmware_nsx/neutron/plugins/vmware/vshield/common/VcnsApiClient.py

Change-Id: I12ffa2f5e80d4dd357e907631d2bcc76c13a0797

tags:

added: in-stable-kilo

Adit Sarfaty (asarfaty) on 2020-07-29

Changed in vmware-nsx:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers