Libcloud / LIBCLOUD-283

Allow SSL_CERT_FILE env to point to location of CA certificates


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.12.1
    • Component/s: Core
    • Labels:

      Description

      One of the problems that Linux distributions have is a lack of a centralized certificate store for CAs. Couple this with different locations for different distros (as well as different formats, NSS etc.) and it can get to be a pain pretty easily.

      Currently libcloud has a small set of hard-coded locations that are searched for a CA bundle. This patch adds the ability to set the SSL_CERT_FILE environment variable to point to a given location, and that file will be used as the CA store. This increases the flexibility in terms of platforms that can use libcloud.

      OpenSSL, as well as Ruby, use the same variable to locate their CA files (if needed).

      Security has been raised as a potential issue here. I can't speak with a great deal of authority on this. It appears to me that an attacker with the level of access required to do this would be able to subvert any program in any other number of ways as well. As usual, flexibility will need to be weighed against security.

      GitHub pull request here: https://github.com/apache/libcloud/pull/90/files

      -Erinn
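
An added example, not code from the pull request or from libcloud: one way to resolve the CA bundle with an `SSL_CERT_FILE` override ahead of a fallback list, while checking file type, ownership and write permissions so that a tampered or missing override fails closed instead of silently falling back. The fallback paths, `check_bundle`, `resolve_ca_bundle`, `make_context` and `CABundleError` are assumptions made for illustration.

```python
import os
import ssl
import stat

# Assumed fallback candidates (common distro paths), not libcloud's own list.
FALLBACK_CA_PATHS = (
    "/etc/ssl/certs/ca-certificates.crt",  # Debian/Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",    # RHEL/Fedora
)


class CABundleError(Exception):
    """No CA bundle that passes the file checks could be selected."""


def check_bundle(path):
    """Return the reasons `path` should not be trusted as a CA store."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat (%s)" % exc]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid not in (0, os.getuid()):
        problems.append("owned by another user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems


def resolve_ca_bundle(environ=None, fallbacks=FALLBACK_CA_PATHS):
    """Return (path, source); SSL_CERT_FILE takes precedence when set."""
    environ = os.environ if environ is None else environ
    override = environ.get("SSL_CERT_FILE")
    if override:
        problems = check_bundle(override)
        if problems:  # fail closed: a bad override must not fall back silently
            raise CABundleError("SSL_CERT_FILE=%s: %s" % (override, "; ".join(problems)))
        return override, "env"
    for path in fallbacks:
        if not check_bundle(path):
            return path, "fallback"
    raise CABundleError("no usable CA bundle found")


def make_context(path):
    """Verifying TLS context that trusts only the CAs in `path`."""
    return ssl.create_default_context(cafile=path)
```

Logging the returned source (`env` or `fallback`) at startup makes it visible when a process is trusting a CA store supplied through its environment.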


            People

            • Assignee: Tomaz Muraus (kami)
            • Reporter: Erinn Looney-Triggs (erinn)