libcloud-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1002708 - in /incubator/libcloud/trunk: README libcloud/base.py
Date Wed, 29 Sep 2010 16:07:07 GMT
Author: jed
Date: Wed Sep 29 16:07:07 2010
New Revision: 1002708

URL: http://svn.apache.org/viewvc?rev=1002708&view=rev
Log:
LIBCLOUD-55: Add warnings and a link to Python bug tracker

Modified:
    incubator/libcloud/trunk/README
    incubator/libcloud/trunk/libcloud/base.py

Modified: incubator/libcloud/trunk/README
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/README?rev=1002708&r1=1002707&r2=1002708&view=diff
==============================================================================
--- incubator/libcloud/trunk/README (original)
+++ incubator/libcloud/trunk/README Wed Sep 29 16:07:07 2010
@@ -7,4 +7,10 @@ Apache libcloud is an incubator project 
 <http://incubator.apache.org/libcloud> for more information.
 
 For API documentation and examples, see:
-  <http://incubator.apache.org/libcloud/getting-started.html>
\ No newline at end of file
+  <http://incubator.apache.org/libcloud/getting-started.html>
+
+WARNING: Python's built-in SSL does not do certificate validation.  As such, one
+cannot be sure of the other end of the conversation with any sufficient
+authority.  If you are in a position to be exploited (i.e., on an untrusted
+network), be cautious with SSL connections.  This is an issue with upstream
+Python (see http://bugs.python.org/issue1589 for details) and not with libcloud.

Modified: incubator/libcloud/trunk/libcloud/base.py
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/libcloud/base.py?rev=1002708&r1=1002707&r2=1002708&view=diff
==============================================================================
--- incubator/libcloud/trunk/libcloud/base.py (original)
+++ incubator/libcloud/trunk/libcloud/base.py Wed Sep 29 16:07:07 2010
@@ -307,6 +307,14 @@ class ConnectionKey(object):
     """
     A Base Connection class to derive from.
     """
+
+    # WARNING: Python's built-in SSL does not do certificate validation.  As
+    # such, one cannot be sure of the other end of the conversation with any
+    # sufficient authority.  If you are in a position to be exploited (i.e., on
+    # an untrusted network), be cautious with SSL connections.  This is an issue
+    # with upstream Python (see http://bugs.python.org/issue1589 for details)
+    # and not with libcloud.
+
     #conn_classes = (httplib.LoggingHTTPConnection, LoggingHTTPSConnection)
     conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
 



Mime
View raw message