[dev] [jira] [Closed] (LIBCLOUD-283) Allow SSL_CERT_FILE env to point to location of CA certificates

Mon, 25 Feb 2013 14:10:13 -0800 

     [ 
https://issues.apache.org/jira/browse/LIBCLOUD-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tomaz Muraus closed LIBCLOUD-283.
---------------------------------

    
> Allow SSL_CERT_FILE env to point to location of CA certificates
> ---------------------------------------------------------------
>
>                 Key: LIBCLOUD-283
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-283
>             Project: Libcloud
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Erinn Looney-Triggs
>            Assignee: Tomaz Muraus
>            Priority: Minor
>              Labels: patch
>             Fix For: 0.12.1
>
>         Attachments: 
> 0001-Allow-CA-location-to-be-overriden-with-SSL_CERT_FILE.patch, 
> 0001-Allow-user-to-specify-custom-CA-certificate-to-use-f.patch, 
> ssl_cert_file_with_exists_and_isfile_check_and_warnings_tests.patch, 
> ssl_cert_file_with_exists_and_isfile_check.patch
>
>
> One of the problems that Linux distributions have is a lack of a centralized 
> certificate store for CAs. Couple this with different locations for different 
> distros (as well as different formats, NSS etc.) and it can get to be a pain 
> pretty easily. 
> Currently libcloud has a small set of hard coded locations that are searched 
> for a CA bundle. This patch adds the ability to set the SSL_CERT_FILE 
> environment variable to point to a given location and that file will be used 
> as the CA store. This increases the flexibility in terms of platforms that 
> can use libcloud. 
> openssl, as well as ruby use the same variable to locate their CA files (if 
> needed). 
> Security has been raised as a potential issue here. I can't speak with a 
> great deal of authority on this. It appears to me that an attacker with the 
> level of access required to do this would be able to subvert any program in 
> any other number of ways as well. As usual flexibility will need to be 
> weighed against security.
> github pull request here: https://github.com/apache/libcloud/pull/90/files
> -Erinn

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to