Merge lp:~jose/charms/precise/owncloud/fix-poodle into lp:charms/owncloud

Proposed by José Antonio Rey on 2015-01-12
Status: Merged
Merged at revision: 29
Proposed branch: lp:~jose/charms/precise/owncloud/fix-poodle
Merge into: lp:charms/owncloud
Diff against target: 14 lines (+4/-0)
1 file modified
hooks/config-changed (+4/-0)
To merge this branch: bzr merge lp:~jose/charms/precise/owncloud/fix-poodle
Reviewer Review Type Date Requested Status
Charles Butler (community) 2015-01-12 Approve on 2015-02-24
Review Queue (community) automated testing Needs Fixing on 2015-01-16
Review via email: mp+246208@code.launchpad.net

Description of the change

Fixed POODLE vulnerability.

To post a comment you must log in.
Charles Butler (lazypower) wrote :

LGTM

just as a curiosity, have you run an owncloud deployment through the certification process on https://www.ssllabs.com/ssltest/? I use this almost exclusively when doing SSL work to verify I have built my keys correctly and have them implemented with perfect forward secrecy.

Not a requirement, but food for thought :)

review: Approve
Charles Butler (lazypower) wrote :

Ah wait, i didn't notice this is in install - what about existing deployments?

Can you move this to either upgrade-charm, or config-changed so we make sure we've fixed anythin gout there in the wild? Thanks!

review: Needs Fixing
Review Queue (review-queue) wrote :

This items has failed automated testing! Results available here http://reports.vapour.ws/charm-tests/charm-bundle-test-10950-results

review: Needs Fixing (automated testing)
30. By José Antonio Rey on 2015-02-03

Moved from install to config-changed

José Antonio Rey (jose) wrote :

Should be done now!

Charles Butler (lazypower) wrote :

+1 LGTM - deployed and checked site and poodle was not a listed vulnerability.

Thanks for this, keep up the good work Jose!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/config-changed'
2--- hooks/config-changed 2014-07-21 21:59:37 +0000
3+++ hooks/config-changed 2015-02-03 07:07:49 +0000
4@@ -170,6 +170,10 @@
5 service apache2 start || :
6 service apache2 reload
7
8+if [ ! -f .fixpoodle ]; then
9+ sed -i "s/SSLProtocol all/SSLProtocol all -SSLv3/g" /etc/apache2/mods-enabled/ssl.conf
10+ touch .fixpoodle
11+fi
12
13
14 if [ ! -f .443 ]; then

Subscribers

People subscribed via source and target branches

to all changes:
to status/vote changes: