[
https://issues.apache.org/jira/browse/CLOUDSTACK-5386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13840547#comment-13840547
]
Demetrius Tsitrelis commented on CLOUDSTACK-5386:
-------------------------------------------------
Thank you for the patch.
If the DownloadManagerImpl class (or just the code which references the
certificate) is no longer used would you please remove the obsolete code which
writes the log message indicating that non-realhostip certs are not supported?
I see that the UploadMonitorImpl.configure() has the same code as well.
> Secondary Storage does not accept SSL certs/domain other than from
> "realhostip.com"
> -----------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-5386
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5386
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Storage Controller
> Affects Versions: 4.2.0
> Reporter: Demetrius Tsitrelis
> Assignee: Wei Zhou
>
> The "sec.storage.ssl.cert.domain" should allow for certificates other than
> realhostip.com to be used. One use case would be for using a self-signed
> certificate for S3 storage.
> DownloadManageerImpl.configure() contains the following code:
> @Override
> public boolean configure(String name, Map<String, Object> params) {
> final Map<String, String> configs =
> _configDao.getConfiguration("ManagementServer", params);
> _sslCopy =
> Boolean.parseBoolean(configs.get("secstorage.encrypt.copy"));
> _proxy = configs.get(Config.SecStorageProxy.key());
> String cert = configs.get("secstorage.ssl.cert.domain");
> if (!"realhostip.com".equalsIgnoreCase(cert)) {
> s_logger.warn("Only realhostip.com ssl cert is supported,
> ignoring self-signed and other certs");
> }
--
This message was sent by Atlassian JIRA
(v6.1#6144)
