[
https://issues.apache.org/jira/browse/LIBCLOUD-65?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry Chen resolved LIBCLOUD-65.
--------------------------------
Resolution: Fixed
Fix Version/s: 0.4.1
Assignee: Jerry Chen
SSL Certificate Name Verification is now available via the libcloud.security
module.
http://svn.apache.org/viewvc?view=revision&revision=1054518
> SSL verification should be on (now available in base python).
> -------------------------------------------------------------
>
> Key: LIBCLOUD-65
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-65
> Project: Libcloud
> Issue Type: New Feature
> Reporter: Michael De La Rue
> Assignee: Jerry Chen
> Fix For: 0.4.1
>
>
> In drivers/base.py there is the following warning.
> # WARNING: Python's built-in SSL does not do certificate validation. As
> # such, one cannot be sure of the other end of the conversation with any
> # sufficient authority. If you are in a position to be exploited (i.e., on
> # an untrusted network), be cautious with SSL connections. This is an issue
> # with upstream Python (see http://bugs.python.org/issue1589 for details)
> # and not with libcloud.
> in the issue referenced (http://bugs.python.org/issue1589) it's said that the
> bug is now fixed and there is even a link to a backport of the module needed
> to do proper SSL enforcing.
> http://pypi.python.org/pypi/backports.ssl_match_hostname/
> The functionality to enforce secure SSL connections should now be enforced by
> default and a warning issued if the module isn't available.
> I'm not filing this as a bug because the lack of verification is documented
> and expected, but it could certainly be seen as a bit "surprising" so it
> would be a good idea to fix this.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
