[ https://issues.apache.org/jira/browse/LIBCLOUD-55?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jed Smith closed LIBCLOUD-55.
-----------------------------

    Resolution: Won't Fix

Warnings introduced in r1002708.

Thank you for taking the time to file a libcloud bug report; however, the root 
issue here, as you are aware, is in Python itself. As such, I have added 
warnings to the README and code for our project to link to upstream: 
http://bugs.python.org/issue1589

Once the root cause in Python is addressed, all clients of the Python standard 
library will subsequently be fixed as well with no intervention on our part.

Once again, thank you for helping to make libcloud a better project.

> this python project is vulnerable to MITM as it fails to verify the ssl 
> validity of the remote destination.
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-55
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-55
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Core
>            Reporter: dave b ^^
>   Original Estimate: 0.5h
>  Remaining Estimate: 0.5h
>
> this python project is vulnerable to MITM as it fails to verify the ssl 
> validity of the remote destination.
> urllib / urllib2, httplib.SHTTPConnection do not verify ssl at all by default.
> from base.py
> class ConnectionKey(object):
>     """ A Base Connection class to derive from.
>     """
>     conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
>     ....
>     def connect(self, host=None, port=None):
>         .....
>         connection = self.conn_classes[self.secure]
> this request can be MITMed leading to the compromise of a user's API key - 
> where a secured https connection was requested, but can be MITM'ed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
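
The certificate check the report says is missing, as an added example that is not part of the original message and is not libcloud code. It is written for Python 3's http.client (the successor to httplib); VerifiedConnectionKey, legacy_context, verifying_context, require_verification, the host api.example.com and the API key are hypothetical names and constructed values.

```python
import http.client
import ssl


def legacy_context():
    """Context matching what the report describes: no chain or hostname check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # any certificate is accepted
    return ctx


def verifying_context(cafile=None):
    """Context that validates the chain against trusted CAs and matches the hostname."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def require_verification(ctx):
    """Raise unless ctx would reject an untrusted or mismatched certificate."""
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        raise ValueError("TLS context does not require a valid certificate chain")
    if not ctx.check_hostname:
        raise ValueError("TLS context does not match the certificate to the hostname")
    return ctx


class VerifiedConnectionKey(object):
    """Hypothetical counterpart of the quoted ConnectionKey (not libcloud code)."""
    conn_classes = (http.client.HTTPConnection, http.client.HTTPSConnection)
    secure = 1  # index into conn_classes, as in the quoted excerpt

    def __init__(self, key, context=None):
        self.key = key
        self.context = context if context is not None else verifying_context()

    def connect(self, host, port=None):
        cls = self.conn_classes[self.secure]
        if not self.secure:
            return cls(host, port)  # plain HTTP: no TLS context applies
        # Fail closed before any socket is opened or the API key is sent.
        return cls(host, port, context=require_verification(self.context))


if __name__ == "__main__":
    conn = VerifiedConnectionKey("constructed-api-key").connect("api.example.com", 443)
    print(type(conn).__name__, conn.host, conn.port)
    try:
        VerifiedConnectionKey("constructed-api-key", legacy_context()).connect("api.example.com")
    except ValueError as exc:
        print("refused:", exc)
```

Constructing the connection object opens no socket, so the guard runs before the handshake and before any request carrying the key is sent.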
