NSXv driver does not verify certificates

Bug #1488265 reported by Eric Brown on 2015-08-24
This bug affects 1 person
Affects: vmware-nsx
Importance: Critical
Assigned to: Eric Brown

Bug Description

The NSXv driver does not validate certificates of the NSX manager it connects to.

Because the driver does not validate the cert, it's possible for it to be vulnerable to a man-in-the-middle attack.

Eric Brown (ericwb) on 2015-08-24
Changed in vmware-nsx:
assignee: nobody → Eric Brown (ericwb)

Fix proposed to branch: master
Review: https://review.openstack.org/216442

Changed in vmware-nsx:
status: New → In Progress
Gary Kotton (garyk) on 2015-08-25
Changed in vmware-nsx:
importance: Undecided → Critical

Reviewed: https://review.openstack.org/216442
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=16b564346e2d77bd0e097183ebb0e4c74a1c02c6
Submitter: Jenkins
Branch: master

commit 16b564346e2d77bd0e097183ebb0e4c74a1c02c6
Author: Eric Brown <email address hidden>
Date: Mon Aug 24 15:10:29 2015 -0700

    Ensure NSXv driver can verify certificates

    The NSXv driver was missing code to do certificate verification.
    In fact, it was intentionally turned off. This patch adds the
    capability to turn it on.

    DocImpact:
    Two new options for the NSXv driver: ca_file and insecure.

    Change-Id: I12ffa2f5e80d4dd357e907631d2bcc76c13a0797
    Closes-Bug: #1488265

Changed in vmware-nsx:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/217841
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=8b6d8f798d818fa476cf8c8aeee3f3d31a2b52fc
Submitter: Jenkins
Branch: stable/kilo

commit 8b6d8f798d818fa476cf8c8aeee3f3d31a2b52fc
Author: Eric Brown <email address hidden>
Date: Mon Aug 24 15:10:29 2015 -0700

    Ensure NSXv driver can verify certificates

    The NSXv driver was missing code to do certificate verification.
    In fact, it was intentionally turned off. This patch adds the
    capability to turn it on.

    DocImpact:
    Two new options for the NSXv driver: ca_file and insecure.

    Closes-Bug: #1488265

    Conflicts:
     vmware_nsx/etc/nsx.ini
     vmware_nsx/neutron/plugins/vmware/vshield/common/VcnsApiClient.py

    Change-Id: I12ffa2f5e80d4dd357e907631d2bcc76c13a0797

tags: added: in-stable-kilo
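
Added example, not code from the vmware-nsx patch: one way a Python client could map the two options named in the commit message, `ca_file` and `insecure`, onto TLS verification using only the standard library. The option semantics shown here and the names `build_tls_context` and `verifies_peer` are assumptions for illustration.

```python
import ssl
import warnings


def build_tls_context(ca_file=None, insecure=False):
    """Build the SSLContext used for connections to the manager.

    Assumed semantics (not taken from the vmware-nsx source):
      insecure=False, ca_file=None -> verify against the system trust store
      insecure=False, ca_file=path -> verify against that CA bundle only
      insecure=True                -> no verification at all
    """
    if insecure:
        # Explicit opt-out: the peer is not authenticated, so anyone on the
        # network path can impersonate the manager.
        warnings.warn("TLS certificate verification is disabled (insecure=True)")
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before setting CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx

    # With cafile set, only that bundle is trusted. A missing or unreadable
    # file raises here instead of silently falling back to no verification.
    return ssl.create_default_context(cafile=ca_file)


def verifies_peer(ctx):
    """True only if both chain validation and hostname checking are on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def ca_file_error(path):
    """Return the exception type raised for an unusable ca_file, or None."""
    try:
        build_tls_context(ca_file=path)
    except (OSError, ssl.SSLError) as exc:
        return type(exc)
    return None


if __name__ == "__main__":
    print("default verifies peer: ", verifies_peer(build_tls_context()))
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")
        print("insecure verifies peer:", verifies_peer(build_tls_context(insecure=True)))
    # Constructed path that does not exist, to show the fail-closed behaviour.
    print("bad ca_file raises:    ", ca_file_error("/nonexistent/ca.pem"))
```

The resulting context can be passed to any standard-library HTTPS client, for example `urllib.request.urlopen(url, context=ctx)`.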