Posted to notifications@libcloud.apache.org by je...@apache.org on 2011/01/05 03:45:07 UTC
svn commit: r1055275 - in /incubator/libcloud/trunk: README libcloud/base.py
Author: jerry
Date: Wed Jan 5 02:45:07 2011
New Revision: 1055275
URL: http://svn.apache.org/viewvc?rev=1055275&view=rev
Log:
Update README with SSL info, remove SSL warning in libcloud/base.py
Modified:
incubator/libcloud/trunk/README
incubator/libcloud/trunk/libcloud/base.py
Modified: incubator/libcloud/trunk/README
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/README?rev=1055275&r1=1055274&r2=1055275&view=diff
==============================================================================
--- incubator/libcloud/trunk/README (original)
+++ incubator/libcloud/trunk/README Wed Jan 5 02:45:07 2011
@@ -1,6 +1,8 @@
+
Apache libcloud - a unified interface into the cloud
+====================================================
-The goal of this project is to create a basic yet functional standard library
+The goal of this project is to create a basic yet functional standard library
into various cloud providers.
Apache libcloud is an incubator project at the Apache Software Foundation, see
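Review bot: The first added line of the README is empty, and the removed/added pair for "The goal of this project is to create a basic yet functional standard library" reads the same on both sides, so it appears to be a whitespace-only change. Suggest dropping the leading blank line so the title and its new underline start the file, and keeping the whitespace edit out of a commit whose log is about SSL documentation.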
@@ -9,8 +11,50 @@ Apache libcloud is an incubator project
For API documentation and examples, see:
<http://incubator.apache.org/libcloud/getting-started.html>
-WARNING: Python's built-in SSL does not do certificate validation. As such, one
-cannot be sure of the other end of the conversation with any sufficient
-authority. If you are in a position to be exploited (i.e., on an untrusted
-network), be cautious with SSL connections. This is an issue with upstream
-Python (see http://bugs.python.org/issue1589 for details) and not with libcloud.
+
+Important Security Note
+=======================
+
+Python's built-in SSL module does not do certificate validation.
+
+To address this, we've introduced the libcloud.security module with tunable
+parameters.
+
+View the entire guide at: <http://wiki.apache.org/incubator/LibcloudSSL>
+
+Enabling SSL Certificate Check
+==============================
+
+ import libcloud.security
+ libcloud.security.VERIFY_SSL_CERT = True
+
+ # optionally, add to CA_CERTS_PATH
+ libcloud.security.CA_CERTS_PATH.append("/path/to/your/cacerts.txt")
+
+CA_CERTS_PATH contains common paths to CA bundle installations on the
+following platforms:
+
+ * openssl on CentOS/Fedora
+ * ca-certificates on Debian/Ubuntu/Arch/Gentoo
+ * ca_root_nss on FreeBSD
+ * curl-ca-bundle on Mac OS X
+
+Note for OS X Users
+===================
+
+OS X root certificates are stored in the Keychain format, unlike the standard
+PEM format available on other *nix platforms. For this reason, it is not
+possible to include the standard OS X root certificates with CA_CERTS_PATH.
+
+Acquiring CA Certificates
+=========================
+
+If the above packages are unavailable to you, and you don't wish to roll your
+own, the makers of cURL provides an excellent resource, generated from
+Mozilla: http://curl.haxx.se/docs/caextract.html
+
+Feedback
+========
+
+Please send feedback to the mailing list at <li...@incubator.apache.org>,
+or the JIRA at <https://issues.apache.org/jira/browse/LIBCLOUD>.
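Review bot: The "Enabling SSL Certificate Check" section never states the default value of libcloud.security.VERIFY_SSL_CERT; the example has to set it to True, so a reader can only infer that connections are unverified until they opt in. State the default explicitly beside the example, and say what happens when the check is enabled but none of the CA_CERTS_PATH entries exists on the system. The rewritten note also drops the old warning's reference to http://bugs.python.org/issue1589 and its caution about untrusted networks, which still applies to anyone who does not enable the check. Two smaller points: "curl-ca-bundle on Mac OS X" in the platform list reads as contradicting the OS X note below it unless that note says the bundle has to be installed separately from the Keychain roots, and "the makers of cURL provides" should be "provide".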
Modified: incubator/libcloud/trunk/libcloud/base.py
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/libcloud/base.py?rev=1055275&r1=1055274&r2=1055275&view=diff
==============================================================================
--- incubator/libcloud/trunk/libcloud/base.py (original)
+++ incubator/libcloud/trunk/libcloud/base.py Wed Jan 5 02:45:07 2011
@@ -450,14 +450,6 @@ class ConnectionKey(object):
"""
A Base Connection class to derive from.
"""
-
- # WARNING: Python's built-in SSL does not do certificate validation. As
- # such, one cannot be sure of the other end of the conversation with any
- # sufficient authority. If you are in a position to be exploited (i.e., on
- # an untrusted network), be cautious with SSL connections. This is an issue
- # with upstream Python (see http://bugs.python.org/issue1589 for details)
- # and not with libcloud.
-
#conn_classes = (LoggingHTTPSConnection)
conn_classes = (LibcloudHTTPConnection, LibcloudHTTPSConnection)
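Review bot: Deleting the warning above conn_classes leaves nothing in base.py telling a maintainer that certificate checking for LibcloudHTTPSConnection is something the user turns on through libcloud.security, as the README change in this same commit describes. Replace the removed block with a one-line comment pointing at libcloud.security.VERIFY_SSL_CERT and CA_CERTS_PATH instead of removing the caveat outright. The commented-out "#conn_classes = (LoggingHTTPSConnection)" left in the context could go in the same pass.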