cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Demetrius Tsitrelis (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-5386) Secondary Storage does not accept SSL certs/domain other than from "realhostip.com"
Date Thu, 05 Dec 2013 20:45:38 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13840547#comment-13840547
] 

Demetrius Tsitrelis commented on CLOUDSTACK-5386:
-------------------------------------------------

Thank you for the patch.

If the DownloadManagerImpl class (or just the code which references the certificate) is no
longer used would you please remove the obsolete code which writes the log message indicating
that non-realhostip certs are not supported?  I see that the UploadMonitorImpl.configure()
has the same code as well.

> Secondary Storage does not accept SSL certs/domain other than from "realhostip.com"
> -----------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5386
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5386
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Storage Controller
>    Affects Versions: 4.2.0
>            Reporter: Demetrius Tsitrelis
>            Assignee: Wei Zhou
>
> The "sec.storage.ssl.cert.domain" should allow for certificates other than realhostip.com
to be used.  One use case would be for using a self-signed certificate for S3 storage.
> DownloadManageerImpl.configure() contains the following code:
>    @Override
>     public boolean configure(String name, Map<String, Object> params) {
>         final Map<String, String> configs = _configDao.getConfiguration("ManagementServer",
params);
>         _sslCopy = Boolean.parseBoolean(configs.get("secstorage.encrypt.copy"));
>         _proxy = configs.get(Config.SecStorageProxy.key());
>         String cert = configs.get("secstorage.ssl.cert.domain");
>         if (!"realhostip.com".equalsIgnoreCase(cert)) {
>             s_logger.warn("Only realhostip.com ssl cert is supported, ignoring self-signed
and other certs");
>         }



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message