cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Demetrius Tsitrelis" <dtsitre...@live.com>
Subject Re: Review Request 21776: AWSAPI: cloudstack api on POST requests (instead GET), ssl enabling fixed
Date Sun, 06 Jul 2014 21:12:25 GMT


> On July 6, 2014, 8:45 a.m., Demetrius Tsitrelis wrote:
> > Another concern is that the new code is using EasySSLProtocolSocketFactory.  Why
change Cloudstack to automatically except self-signed certificates here?
> 
> Dmitry Batkovich wrote:
>     Mm, it seems that you mean "accept" instead "except".
>     
>     It's not change because in you run current code from repository you will see exception
if you use ssl. And you need to insert this code snippet to avoid
>     "
>     HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
>     conn.setSSLSocketFactory(sslFactory);
>     "
>     
>     Self-signed certificate is simple implementation. If you need other you can add some
parameter to constructor and write additional couple lines of code, but in my case self-signed
certs only.

Cloudstack should be safe be default.  Instead of hard-coding security exceptions and forcing
users to recompile the preferred solution is to allow them to choose which certificates to
accept.  Let them specify that self-signed certificates are trusted by placing them in the
trust store.


- Demetrius


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21776/#review47353
-----------------------------------------------------------


On May 27, 2014, 8:04 p.m., Dmitry Batkovich wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21776/
> -----------------------------------------------------------
> 
> (Updated May 27, 2014, 8:04 p.m.)
> 
> 
> Review request for cloudstack, Chiradeep Vittal, daan Hoogland, and Prachi Damle.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> -------
> 
> * CloudStackClient.java http request mechanism replaced from GET requests to POST for
supporting EC2 requests larger than 2KB
> * SSL enabling fixed in EC2Engine.java
> 
> continuation of https://reviews.apache.org/r/17586/
> 
> 
> Diffs
> -----
> 
>   awsapi/conf/ec2-service.properties.in 82f5ad8 
>   awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java cd20214 
>   awsapi/src/com/cloud/bridge/util/JsonAccessor.java 2a94dea 
>   awsapi/src/com/cloud/bridge/util/JsonElementUtil.java PRE-CREATION 
>   awsapi/src/com/cloud/stack/CloudStackApi.java b7a1210 
>   awsapi/src/com/cloud/stack/CloudStackClient.java 03eba96 
>   awsapi/src/com/cloud/stack/CloudStackClientException.java PRE-CREATION 
>   awsapi/src/com/cloud/stack/CloudStackCommand.java 8d6aa68 
>   awsapi/src/com/cloud/stack/CloudStackQueryBuilder.java PRE-CREATION 
>   awsapi/test/com/cloud/gate/util/CloudStackClientTestCase.java 826cb3a 
>   awsapi/test/com/cloud/gate/util/JsonAccessorTestCase.java 8603e59 
>   awsapi/test/com/cloud/gate/util/JsonElementUtilTestCase.java PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/21776/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Dmitry Batkovich
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message