Erinn Looney-Triggs created LIBCLOUD-283:
--------------------------------------------
Summary: Allow SSL_CERT_FILE env to point to location of CA
certificates
Key: LIBCLOUD-283
URL: https://issues.apache.org/jira/browse/LIBCLOUD-283
Project: Libcloud
Issue Type: Improvement
Components: Core
Reporter: Erinn Looney-Triggs
Priority: Minor
One of the problems that Linux distributions have is a lack of a centralized
certificate store for CAs. Couple this with different locations for different
distros (as well as different formats, NSS etc.) and it can get to be a pain
pretty easily.
Currently libcloud has a small set of hard coded locations that are searched
for a CA bundle. This patch adds the ability to set the SSL_CERT_FILE
environment variable to point to a given location and that file will be used as
the CA store. This increases the flexibility in terms of platforms that can use
libcloud.
openssl, as well as ruby use the same variable to locate their CA files (if
needed).
Security has been raised as a potential issue here. I can't speak with a great
deal of authority on this. It appears to me that an attacker with the level of
access required to do this would be able to subvert any program in any other
number of ways as well. As usual flexibility will need to be weighed against
security.
github pull request here: https://github.com/apache/libcloud/pull/90/files
-Erinn
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
