You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by je...@apache.org on 2010/09/29 18:07:07 UTC
svn commit: r1002708 - in /incubator/libcloud/trunk: README libcloud/base.py
Author: jed
Date: Wed Sep 29 16:07:07 2010
New Revision: 1002708
URL: http://svn.apache.org/viewvc?rev=1002708&view=rev
Log:
LIBCLOUD-55: Add warnings and a link to Python bug tracker
Modified:
incubator/libcloud/trunk/README
incubator/libcloud/trunk/libcloud/base.py
Modified: incubator/libcloud/trunk/README
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/README?rev=1002708&r1=1002707&r2=1002708&view=diff
==============================================================================
--- incubator/libcloud/trunk/README (original)
+++ incubator/libcloud/trunk/README Wed Sep 29 16:07:07 2010
@@ -7,4 +7,10 @@ Apache libcloud is an incubator project
<http://incubator.apache.org/libcloud> for more information.
For API documentation and examples, see:
- <http://incubator.apache.org/libcloud/getting-started.html>
\ No newline at end of file
+ <http://incubator.apache.org/libcloud/getting-started.html>
+
+WARNING: Python's built-in SSL does not do certificate validation. As such, one
+cannot be sure of the other end of the conversation with any sufficient
+authority. If you are in a position to be exploited (i.e., on an untrusted
+network), be cautious with SSL connections. This is an issue with upstream
+Python (see http://bugs.python.org/issue1589 for details) and not with libcloud.
Modified: incubator/libcloud/trunk/libcloud/base.py
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/libcloud/base.py?rev=1002708&r1=1002707&r2=1002708&view=diff
==============================================================================
--- incubator/libcloud/trunk/libcloud/base.py (original)
+++ incubator/libcloud/trunk/libcloud/base.py Wed Sep 29 16:07:07 2010
@@ -307,6 +307,14 @@ class ConnectionKey(object):
"""
A Base Connection class to derive from.
"""
+
+ # WARNING: Python's built-in SSL does not do certificate validation. As
+ # such, one cannot be sure of the other end of the conversation with any
+ # sufficient authority. If you are in a position to be exploited (i.e., on
+ # an untrusted network), be cautious with SSL connections. This is an issue
+ # with upstream Python (see http://bugs.python.org/issue1589 for details)
+ # and not with libcloud.
+
#conn_classes = (httplib.LoggingHTTPConnection, LoggingHTTPSConnection)
conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)