Posted to notifications@libcloud.apache.org by je...@apache.org on 2011/01/05 03:45:07 UTC

svn commit: r1055275 - in /incubator/libcloud/trunk: README libcloud/base.py

Author: jerry
Date: Wed Jan  5 02:45:07 2011
New Revision: 1055275

URL: http://svn.apache.org/viewvc?rev=1055275&view=rev
Log:
Update README with SSL info, remove SSL warning in libcloud/base.py

Modified:
    incubator/libcloud/trunk/README
    incubator/libcloud/trunk/libcloud/base.py

Modified: incubator/libcloud/trunk/README
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/README?rev=1055275&r1=1055274&r2=1055275&view=diff
==============================================================================
--- incubator/libcloud/trunk/README (original)
+++ incubator/libcloud/trunk/README Wed Jan  5 02:45:07 2011
@@ -1,6 +1,8 @@
+
 Apache libcloud - a unified interface into the cloud
+====================================================
 
-The goal of this project is to create a basic yet functional standard library 
+The goal of this project is to create a basic yet functional standard library
 into various cloud providers.
 
 Apache libcloud is an incubator project at the Apache Software Foundation, see
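Review bot: The first added line of this hunk is an empty line above the title, so the README now opens with a blank line before "Apache libcloud - a unified interface into the cloud". Drop it so the title and its new underline are the first two lines of the file. The trailing-whitespace fix on the "standard library" line is unrelated to the SSL change named in the log message and would be easier to review as its own commit.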
@@ -9,8 +11,50 @@ Apache libcloud is an incubator project 
 For API documentation and examples, see:
   <http://incubator.apache.org/libcloud/getting-started.html>
 
-WARNING: Python's built-in SSL does not do certificate validation.  As such, one
-cannot be sure of the other end of the conversation with any sufficient
-authority.  If you are in a position to be exploited (i.e., on an untrusted
-network), be cautious with SSL connections.  This is an issue with upstream
-Python (see http://bugs.python.org/issue1589 for details) and not with libcloud.
+
+Important Security Note
+=======================
+
+Python's built-in SSL module does not do certificate validation.
+
+To address this, we've introduced the libcloud.security module with tunable
+parameters.
+
+View the entire guide at: <http://wiki.apache.org/incubator/LibcloudSSL>
+
+Enabling SSL Certificate Check
+==============================
+
+   import libcloud.security
+   libcloud.security.VERIFY_SSL_CERT = True
+
+   # optionally, add to CA_CERTS_PATH
+   libcloud.security.CA_CERTS_PATH.append("/path/to/your/cacerts.txt")
+
+CA_CERTS_PATH contains common paths to CA bundle installations on the
+following platforms:
+
+ * openssl on CentOS/Fedora
+ * ca-certificates on Debian/Ubuntu/Arch/Gentoo
+ * ca_root_nss on FreeBSD
+ * curl-ca-bundle on Mac OS X
+
+Note for OS X Users
+===================
+
+OS X root certificates are stored in the Keychain format, unlike the standard
+PEM format available on other *nix platforms.  For this reason, it is not
+possible to include the standard OS X root certificates with CA_CERTS_PATH.
+
+Acquiring CA Certificates
+=========================
+
+If the above packages are unavailable to you, and you don't wish to roll your
+own, the makers of cURL provides an excellent resource, generated from
+Mozilla: http://curl.haxx.se/docs/caextract.html
+
+Feedback
+========
+
+Please send feedback to the mailing list at <li...@incubator.apache.org>,
+or the JIRA at <https://issues.apache.org/jira/browse/LIBCLOUD>.
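Review bot: The new "Important Security Note" does not state what libcloud.security.VERIFY_SSL_CERT defaults to. The "Enabling SSL Certificate Check" section implies verification has to be switched on, so a reader who stops at the note may assume the new module already protects them. Say explicitly, directly under the note, whether connections are validated out of the box and that setting VERIFY_SSL_CERT = True is required if they are not. The removed warning also told readers when they are exposed (an untrusted network) and linked http://bugs.python.org/issue1589; the replacement drops both, and keeping at least the link would preserve the reason for the setting. Two smaller points: the README should say what happens when none of the CA_CERTS_PATH entries exists on the host, and the platform list names "curl-ca-bundle on Mac OS X" while the next section says the standard OS X roots cannot be used, so a sentence noting that curl-ca-bundle is a separately installed PEM bundle would remove the apparent contradiction. Also, "the makers of cURL provides" should read "provide".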

Modified: incubator/libcloud/trunk/libcloud/base.py
URL: http://svn.apache.org/viewvc/incubator/libcloud/trunk/libcloud/base.py?rev=1055275&r1=1055274&r2=1055275&view=diff
==============================================================================
--- incubator/libcloud/trunk/libcloud/base.py (original)
+++ incubator/libcloud/trunk/libcloud/base.py Wed Jan  5 02:45:07 2011
@@ -450,14 +450,6 @@ class ConnectionKey(object):
     """
     A Base Connection class to derive from.
     """
-
-    # WARNING: Python's built-in SSL does not do certificate validation.  As
-    # such, one cannot be sure of the other end of the conversation with any
-    # sufficient authority.  If you are in a position to be exploited (i.e., on
-    # an untrusted network), be cautious with SSL connections.  This is an issue
-    # with upstream Python (see http://bugs.python.org/issue1589 for details)
-    # and not with libcloud.
-
     #conn_classes = (LoggingHTTPSConnection)
     conn_classes = (LibcloudHTTPConnection, LibcloudHTTPSConnection)
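Review bot: Deleting the WARNING comment above conn_classes leaves nothing in base.py that points at the new certificate check, while the README in this same commit shows verification as something the caller turns on with libcloud.security.VERIFY_SSL_CERT = True. Replace the comment with a one- or two-line pointer to libcloud.security (VERIFY_SSL_CERT and CA_CERTS_PATH) instead of removing it outright, so someone reading ConnectionKey sees that LibcloudHTTPSConnection only validates certificates when that setting is enabled. The commented-out "#conn_classes = (LoggingHTTPSConnection)" line left in the context could be removed at the same time.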