You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Wei Zhou (JIRA)" <ji...@apache.org> on 2013/12/05 21:13:36 UTC

[jira] [Resolved] (CLOUDSTACK-5386) Secondary Storage does not accept SSL certs/domain other than from "realhostip.com"

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-5386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wei Zhou resolved CLOUDSTACK-5386.
----------------------------------

    Resolution: Fixed
      Assignee: Wei Zhou

DownloadManagerImpl makes no effect in cloudstack 4.2, as the storage framework changed by Edison su.

I have committed a patch for this issue.
https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=commit;h=9be402cb0693d8aeb779aa7f5ccbe7070c2f03de

> Secondary Storage does not accept SSL certs/domain other than from "realhostip.com"
> -----------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5386
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5386
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Storage Controller
>    Affects Versions: 4.2.0
>            Reporter: Demetrius Tsitrelis
>            Assignee: Wei Zhou
>
> The "sec.storage.ssl.cert.domain" should allow for certificates other than realhostip.com to be used.  One use case would be for using a self-signed certificate for S3 storage.
> DownloadManageerImpl.configure() contains the following code:
>    @Override
>     public boolean configure(String name, Map<String, Object> params) {
>         final Map<String, String> configs = _configDao.getConfiguration("ManagementServer", params);
>         _sslCopy = Boolean.parseBoolean(configs.get("secstorage.encrypt.copy"));
>         _proxy = configs.get(Config.SecStorageProxy.key());
>         String cert = configs.get("secstorage.ssl.cert.domain");
>         if (!"realhostip.com".equalsIgnoreCase(cert)) {
>             s_logger.warn("Only realhostip.com ssl cert is supported, ignoring self-signed and other certs");
>         }



--
This message was sent by Atlassian JIRA
(v6.1#6144)