Public bug reported:
HTTPSClientAuthConnection uses httplib.HTTPSConnection objects. In
Python 2.x those do not perform CA checks so client connections are
vulnerable to MiM attacks.
This should be changed to use the requests lib.
** Affects: nova
Importance: Critical
Status: Triaged
** Tags: scheduler
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1373993
Title:
Trusted Filter uses unsafe SSL connection
Status in OpenStack Compute (Nova):
Triaged
Bug description:
HTTPSClientAuthConnection uses httplib.HTTPSConnection objects. In
Python 2.x those do not perform CA checks so client connections are
vulnerable to MiM attacks.
This should be changed to use the requests lib.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1373993/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
