> On July 6, 2014, 8:45 a.m., Demetrius Tsitrelis wrote: > > Another concern is that the new code is using EasySSLProtocolSocketFactory. > > Why change Cloudstack to automatically except self-signed certificates > > here? > > Dmitry Batkovich wrote: > Mm, it seems that you mean "accept" instead "except". > > It's not change because in you run current code from repository you will > see exception if you use ssl. And you need to insert this code snippet to > avoid > " > HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); > conn.setSSLSocketFactory(sslFactory); > " > > Self-signed certificate is simple implementation. If you need other you > can add some parameter to constructor and write additional couple lines of > code, but in my case self-signed certs only.
Cloudstack should be safe be default. Instead of hard-coding security exceptions and forcing users to recompile the preferred solution is to allow them to choose which certificates to accept. Let them specify that self-signed certificates are trusted by placing them in the trust store. - Demetrius ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/21776/#review47353 ----------------------------------------------------------- On May 27, 2014, 8:04 p.m., Dmitry Batkovich wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/21776/ > ----------------------------------------------------------- > > (Updated May 27, 2014, 8:04 p.m.) > > > Review request for cloudstack, Chiradeep Vittal, daan Hoogland, and Prachi > Damle. > > > Repository: cloudstack-git > > > Description > ------- > > * CloudStackClient.java http request mechanism replaced from GET requests to > POST for supporting EC2 requests larger than 2KB > * SSL enabling fixed in EC2Engine.java > > continuation of https://reviews.apache.org/r/17586/ > > > Diffs > ----- > > awsapi/conf/ec2-service.properties.in 82f5ad8 > awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java cd20214 > awsapi/src/com/cloud/bridge/util/JsonAccessor.java 2a94dea > awsapi/src/com/cloud/bridge/util/JsonElementUtil.java PRE-CREATION > awsapi/src/com/cloud/stack/CloudStackApi.java b7a1210 > awsapi/src/com/cloud/stack/CloudStackClient.java 03eba96 > awsapi/src/com/cloud/stack/CloudStackClientException.java PRE-CREATION > awsapi/src/com/cloud/stack/CloudStackCommand.java 8d6aa68 > awsapi/src/com/cloud/stack/CloudStackQueryBuilder.java PRE-CREATION > awsapi/test/com/cloud/gate/util/CloudStackClientTestCase.java 826cb3a > awsapi/test/com/cloud/gate/util/JsonAccessorTestCase.java 8603e59 > awsapi/test/com/cloud/gate/util/JsonElementUtilTestCase.java PRE-CREATION > > Diff: https://reviews.apache.org/r/21776/diff/ > > > Testing > ------- > > > Thanks, > > Dmitry Batkovich > >
