[
https://issues.apache.org/jira/browse/LIBCLOUD-100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tomaz Muraus resolved LIBCLOUD-100.
-----------------------------------
Resolution: Fixed
Fix Version/s: 0.6.0
> libcloud should never disable HTTPS
> -----------------------------------
>
> Key: LIBCLOUD-100
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-100
> Project: Libcloud
> Issue Type: Improvement
> Components: Core
> Affects Versions: 0.5.0
> Reporter: Chris Adams
> Labels: security
> Fix For: 0.6.0
>
>
> As documented on http://wiki.apache.org/incubator/LibcloudSSL, libcloud will
> simply disable HTTPS checks when there are no valid CAs on the current system:
> "libcloud/httplib_ssl.py:75: UserWarning: Warning: No CA Certificates were
> found in CA_CERTS_PATH. Toggling VERIFY_SSL_CERT to False.
> warnings.warn(libcloud.security.CA_CERTS_UNAVAILABLE_MSG)"
> This is bad as it's easy to assume you're operating in a secure manner if you
> don't (or can't) see the warning message. If VERIFY_SSL_CERT is true,
> libcloud should simply toss a runtime error and force the user to provide a
> CA rather than making it easy to assume things are working as desired.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
