this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination #2

Closed
d1b opened this issue Sep 29, 2010 · 1 comment

d1b commented Sep 29, 2010

This Python project is vulnerable to MITM as it fails to verify the SSL validity of the remote destination.
urllib / urllib2, httplib.HTTPSConnection do not verify SSL at all by default.

From base.py:

```python
class ConnectionKey(object):
    """
    A Base Connection class to derive from.
    """
    conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)

    # ....
    def connect(self, host=None, port=None):
        # .....
        connection = self.conn_classes[self.secure](host, port)
```

This request can be MITMed, leading to the compromise of a user's API key - where a secured https connection was requested, but can be MITM'ed.
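Added example, not part of the issue and not libcloud's own code: the `conn_classes` pattern quoted above, written for Python 3's `http.client` and `ssl`, with the HTTPS slot filled by a connection class that refuses to be built unless the TLS context checks both the certificate chain and the hostname. `is_verifying`, `VerifiedHTTPSConnection`, `tls_context` and this `ConnectionKey` stand-in are hypothetical names chosen for illustration.

```python
import http.client
import ssl


def is_verifying(ctx):
    """True only if the context validates the chain AND matches the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


class VerifiedHTTPSConnection(http.client.HTTPSConnection):
    """HTTPSConnection that cannot be constructed without certificate checks."""

    def __init__(self, host, port=None, context=None, **kwargs):
        # create_default_context() loads the system CA store and enables
        # CERT_REQUIRED plus hostname matching.
        ctx = context if context is not None else ssl.create_default_context()
        if not is_verifying(ctx):
            # Fail closed: a caller-supplied context with verification
            # switched off is rejected instead of silently accepted.
            raise ValueError("TLS context does not verify the peer certificate")
        self.tls_context = ctx  # kept so callers and tests can inspect it
        super().__init__(host, port, context=ctx, **kwargs)


class ConnectionKey(object):
    """Hypothetical stand-in for the class quoted in the issue."""

    # Index 0 = plain HTTP, index 1 = HTTPS with mandatory verification.
    conn_classes = (http.client.HTTPConnection, VerifiedHTTPSConnection)

    def __init__(self, key, secure=True):
        self.key = key
        self.secure = 1 if secure else 0

    def connect(self, host, port=None):
        # Constructing the object does no network I/O; the handshake, and
        # with it the certificate and hostname check, runs on first request.
        return self.conn_classes[self.secure](host, port)
```

With this arrangement a handshake against a peer presenting an untrusted or mismatched certificate raises `ssl.SSLCertVerificationError` before any request carrying the API key is sent.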

@jcsalterego
Contributor

This has been resolved with https://issues.apache.org/jira/browse/LIBCLOUD-65

More information is available at http://wiki.apache.org/incubator/LibcloudSSL

kshileev referenced this issue in epolyan/libcloud May 4, 2011
rphillips pushed a commit to rphillips/libcloud that referenced this issue Oct 6, 2011
Monitoring add notifications and notification plans
Kami closed this as completed Jun 8, 2019
Kami pushed a commit that referenced this issue Aug 6, 2019
asfgit pushed a commit that referenced this issue Dec 6, 2020
Add new image / snapshot / server certificate / virtual gateway features for outscale provider
Kami pushed a commit to Kami/libcloud that referenced this issue Oct 28, 2021