From d6498b602f4182f6dbd18fd63eaaaaf8b8ada039 Mon Sep 17 00:00:00 2001
From: Stuart McLaren
Date: Fri, 15 Aug 2014 14:53:34 +0000
Subject: Ensure server's SSL cert is validated
A bug was introduced which meant that the server SSL certificate was not being verified. Here we make sure that it is checked (unless the --insecure flag is used). Helps guard against man-in-the-middle attack.
Change-Id: I08f30bf3906b6580c871729311343fa8eefda91b
Closes-bug: #1357430
---
 glanceclient/common/https.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'glanceclient/common/https.py')
diff --git a/glanceclient/common/https.py b/glanceclient/common/https.py
index 93c6e6a..4f0e6f5 100644
--- a/glanceclient/common/https.py
+++ b/glanceclient/common/https.py
@@ -77,7 +77,8 @@ class HTTPSAdapter(adapters.HTTPAdapter):
 def cert_verify(self, conn, url, verify, cert):
 super(HTTPSAdapter, self).cert_verify(conn, url, verify, cert)
- conn.insecure = not verify
+ conn.ca_certs = verify[0]
+ conn.insecure = verify[1]
 class HTTPSConnectionPool(connectionpool.HTTPSConnectionPool):
-- cgit v1.2.1
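Review bot: `cert_verify` now indexes `verify` positionally, so it silently depends on every caller passing a two-element `(ca_certs, insecure)` sequence, and nothing in the hunk checks or documents that shape. If a plain CA-bundle path string (a common form of `verify` in requests-style adapters) ever reaches this method, `verify[1]` is a non-empty character, `conn.insecure` becomes truthy and certificate validation fails open; a bare bool would raise `TypeError` instead. I would unpack explicitly so other shapes are rejected, e.g. `ca_certs, insecure = verify` followed by `conn.ca_certs = ca_certs` and `conn.insecure = bool(insecure)`, and add a comment such as `# verify is (ca_certs, insecure), built by the caller`; the code that builds the tuple is outside this hunk, so the contract cannot be confirmed from here. The diffstat shows only https.py changed, so a regression test asserting that an untrusted server certificate is rejected unless `--insecure` is given would keep this check from being lost again.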