Demetrius Tsitrelis created CLOUDSTACK-5386:
-----------------------------------------------
Summary: Secondary Storage does not accept SSL certs/domain other
than from "realhostip.com"
Key: CLOUDSTACK-5386
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5386
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Storage Controller
Affects Versions: 4.2.0
Reporter: Demetrius Tsitrelis
The "sec.storage.ssl.cert.domain" should allow for certificates other than
realhostip.com to be used. One use case would be for using a self-signed
certificate for S3 storage.
DownloadManageerImpl.configure() contains the following code:
@Override
public boolean configure(String name, Map<String, Object> params) {
final Map<String, String> configs =
_configDao.getConfiguration("ManagementServer", params);
_sslCopy = Boolean.parseBoolean(configs.get("secstorage.encrypt.copy"));
_proxy = configs.get(Config.SecStorageProxy.key());
String cert = configs.get("secstorage.ssl.cert.domain");
if (!"realhostip.com".equalsIgnoreCase(cert)) {
s_logger.warn("Only realhostip.com ssl cert is supported, ignoring
self-signed and other certs");
}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
