** Also affects: ossa
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1257566
Title:
EC2 and S3 token middleware create insecure connections
Status in OpenStack Identity (Keystone):
New
Status in OpenStack Security Advisories:
New
Bug description:
EC2 and S3 token middleware are similar to auth_token_middleware
receiving and authenticating ec2/s3 tokens. They both still use the
httplib method of connecting to keystone and so doesn't validate any
SSL certificates.
On top of this they appears to be completely untested.
They are not enabled by keystone's default pipeline and are thus most
likely not used at all and should be either deprecated or moved into
keystoneclient.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1257566/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
