[Bug 611194] Re: No secure way to protect against MiM attacks
Scott Moser
smoser at ubuntu.com
Wed Dec 14 19:07:23 UTC 2011
This appears to be fixed in boto at http://codereview.appspot.com/4425052/ .
That went into trunk ~ April 18 of 2011, which was prior to boto 2.0 release (which is in 11.10).
I've done some remedial testing and verified that a ~/.boto file with the
following reads the packaged boto file
/usr/lib/python2.7/dist-packages/boto/cacerts/cacerts.txt (a symlink to
/usr/share/pyshared/boto/cacerts/cacerts.txt).
--- ~/.boto ---
[Boto]
https_validate_certificates = true
I've also verified that if you do something like:
[Boto]
https_validate_certificates = true
ca_certificates_file = mycacerts.txt
and populate mycacerts.txt with some garbage, you will get something like:
$ euca-describe-instances
[Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
** Changed in: euca2ools (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to euca2ools in Ubuntu.
https://bugs.launchpad.net/bugs/611194
Title:
No secure way to protect against MiM attacks
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/euca2ools/+bug/611194/+subscriptions
More information about the Ubuntu-server-bugs
mailing list