Posted to notifications@libcloud.apache.org by je...@apache.org on 2010/09/29 18:07:07 UTC

svn commit: r1002708 - in /incubator/libcloud/trunk: README libcloud/base.py

Author: jed
Date: Wed Sep 29 16:07:07 2010
New Revision: 1002708

URL: http://svn.apache.org/viewvc?rev=1002708&view=rev
Log:
LIBCLOUD-55: Add warnings and a link to Python bug tracker

Modified:
    incubator/libcloud/trunk/README
    incubator/libcloud/trunk/libcloud/base.py

Modified: incubator/libcloud/trunk/README
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/README?rev=1002708&r1=1002707&r2=1002708&view=diff
==============================================================================
--- incubator/libcloud/trunk/README (original)
+++ incubator/libcloud/trunk/README Wed Sep 29 16:07:07 2010
@@ -7,4 +7,10 @@ Apache libcloud is an incubator project 
 <http://incubator.apache.org/libcloud> for more information.
 
 For API documentation and examples, see:
-  <http://incubator.apache.org/libcloud/getting-started.html>
\ No newline at end of file
+  <http://incubator.apache.org/libcloud/getting-started.html>
+
+WARNING: Python's built-in SSL does not do certificate validation.  As such, one
+cannot be sure of the other end of the conversation with any sufficient
+authority.  If you are in a position to be exploited (i.e., on an untrusted
+network), be cautious with SSL connections.  This is an issue with upstream
+Python (see http://bugs.python.org/issue1589 for details) and not with libcloud.
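
Review bot: The closing advice in the new README paragraph, "be cautious with SSL connections", gives the reader nothing concrete to act on, and "i.e., on an untrusted network" presents one example of exposure as if it were the only one ("e.g." fits better). Suggest stating the consequence directly: because the peer certificate is not validated, the connection is encrypted but the server is not authenticated, so a party on the network path can pose as the endpoint. Naming which connections are affected would let readers judge their own exposure.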

Modified: incubator/libcloud/trunk/libcloud/base.py
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/libcloud/base.py?rev=1002708&r1=1002707&r2=1002708&view=diff
==============================================================================
--- incubator/libcloud/trunk/libcloud/base.py (original)
+++ incubator/libcloud/trunk/libcloud/base.py Wed Sep 29 16:07:07 2010
@@ -307,6 +307,14 @@ class ConnectionKey(object):
     """
     A Base Connection class to derive from.
     """
+
+    # WARNING: Python's built-in SSL does not do certificate validation.  As
+    # such, one cannot be sure of the other end of the conversation with any
+    # sufficient authority.  If you are in a position to be exploited (i.e., on
+    # an untrusted network), be cautious with SSL connections.  This is an issue
+    # with upstream Python (see http://bugs.python.org/issue1589 for details)
+    # and not with libcloud.
+
     #conn_classes = (httplib.LoggingHTTPConnection, LoggingHTTPSConnection)
     conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
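
Review bot: In ConnectionKey the warning is added only as a source comment above conn_classes, so anyone who uses the library without reading base.py never sees it, even though the log message says "Add warnings". Consider moving the text into the class docstring so it reaches the API documentation, or emitting it through the warnings module at the point where the httplib.HTTPSConnection entry in conn_classes is used. The text also repeats the README paragraph verbatim; keeping one copy and referring to it from here would stop the two from drifting apart.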