openstack/deb-glance
Code Issues Proposed changes
d9f4cbfa75
deb-glance/glance/tests/var
History
Stuart McLaren 0f0fe2ba1b New -k/--insecure command line option 
Fix for bug 929591.

Change glance to require server certificate validation
by default when using https. The standard system
CA file will be used if available (and an alternative was not
provided).

The --insecure option can be used by clients to skip server
certificate validation if appropriate.

* This change will impact Nova clients accessing glance over https.
  If the standard CA file is not suitable they will need to provide
  a CA file or else create an 'insecure' glance client.
* Accesses to a https registry server must now perform server
  certificate validation.
* If the package which provides the standard
  system CA file is installed then that file will be used by default.
  It probably makes sense for the glance package to have a
  dependency on whichever package provides the default CA bundle.
  (In Ubuntu this is 'ca-certificates')

Change-Id: I7c83361ba0881559ec77d4baf10dfeb5b8e32185
2012-02-13 13:57:13 +00:00
..
ca.crt New -k/--insecure command line option 2012-02-13 13:57:13 +00:00
certificate.crt New -k/--insecure command line option 2012-02-13 13:57:13 +00:00
privatekey.key New -k/--insecure command line option 2012-02-13 13:57:13 +00:00