Re: [libvirt] [sandbox PATCH 01/11] Add virt-sandbox-image

Friday, 31 July 2015

On Fri, Jul 31, 2015 at 09:15:13AM +0200, Guido Günther wrote:
...
 On Thu, Jul 23, 2015 at 03:57:27PM +0000, Eren Yagdiran wrote:
 [..snip..]
 > +def get_url(server, path, headers):
 > +    url = "https://" + server + path
 > +    debug("  Fetching %s..." % url)
 > +    
 > +    req = urllib2.Request(url=url)

 This does not seem to do any certificate validation (just in case this
 ends up in a distro's /usr/bin/ I can already see the CVE forthcoming). 
IIUC, with latest python2/3 urllib2 will now do certificate
validation by default for https urls.

  https://bugs.python.org/issue22417

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [sandbox PATCH 01/11] Add virt-sandbox-image