Merge lp:~tal-it-innovation/charms/precise/rabbitmq-server/ssl-support into lp:charms/rabbitmq-server
Proposed by: Thomas Leonard

| Status: | Merged |
|---|---|
| Approved by: | Clint Byrum |
| Approved revision: | 34 |
| Merged at revision: | 33 |
| Proposed branch: | lp:~tal-it-innovation/charms/precise/rabbitmq-server/ssl-support |
| Merge into: | lp:charms/rabbitmq-server |
| Diff against target: | 112 lines (+92/-1) 4 files modified: README (+17/-0), config.yaml (+15/-0), hooks/config-changed (+59/-0), revision (+1/-1) |
| To merge this branch: | bzr merge lp:~tal-it-innovation/charms/precise/rabbitmq-server/ssl-support |
| Related bugs: | |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Clint Byrum (community) | Approve | ||
Review via email: mp+122698@code.launchpad.net |
Description of the change
This branch adds support for enabling Rabbit's SSL support. Instructions are in the README.
Hi Thomas. This is a great change. Needs a few fixups:
+exec 3> rabbitmq.config.new
This is a predictable temp file. While the dir is not normally world-writable, it's best not to tempt fate with this type of code. If an admin or a later release of Ubuntu were to add group-write perms to the dir, then an attacker could use this predictability to overwrite files as root.
new_config=`mktemp /etc/rabbitmq/.rabbitmq.config.XXXXXX`
exec 3> $new_config
and then later of course you need to do your rename using $new_config.
Also I think there's something missing here (though it's not a blocker to merge the change) which is to add an amqp-ssl relation or some kind of indicator that SSL is available to the existing "rabbitmq" interface relation.
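
The temp-file pattern suggested in the review above, written out as an added example (not code from the branch or the charm): the new config goes to a `mktemp`-created file in the same directory and is renamed over the live file only after the write succeeds. The function name `write_config`, its arguments, the `0644` mode and the config body are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the charm's hook. write_config, its arguments and the
# config body below are constructed for illustration.

write_config() {
    conf_dir=$1      # directory holding the live config, e.g. /etc/rabbitmq
    ssl_port=$2      # port for the SSL listener (sample value)
    target="$conf_dir/rabbitmq.config"

    # mktemp picks a random suffix and creates the file exclusively with
    # mode 0600, so a file or symlink planted in advance at a guessed name
    # is never opened. Same directory as the target keeps the rename atomic.
    new_config=$(mktemp "$conf_dir/.rabbitmq.config.XXXXXX") || return 1

    # Write through fd 3, as the hook under review does; the redirection is
    # scoped to this group so fd 3 is closed again when the group ends.
    {
        echo '[' >&3
        echo ' {rabbit, [' >&3
        echo "   {ssl_listeners, [$ssl_port]}" >&3
        echo ' ]}' >&3
        echo '].' >&3
    } 3> "$new_config" || { rm -f "$new_config"; return 1; }

    # Assumption: the broker runs unprivileged and must be able to read the
    # file, so widen the 0600 mode before it goes live.
    chmod 0644 "$new_config" || { rm -f "$new_config"; return 1; }

    # The rename replaces the old config in one step; a reader sees either
    # the complete old file or the complete new one. On failure, no temp
    # file is left behind.
    mv -f "$new_config" "$target" || { rm -f "$new_config"; return 1; }
}
```

A hook would call it as `write_config /etc/rabbitmq 5671`; a non-zero return means the live config was left untouched.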