auth_token middleware fails to fetch CA Cert
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Undecided | Adam Young |
Bug Description
If PKI tokens are enabled, the auth_token middleware never fetches the CA Cert. It will fetch the signing cert.
To reproduce: run devstack. Kill Keystone and change the keystone.conf file, set
[signing]
disable_pki = False
Then rerun Keystone. keystone token-get will now return a huge token.
Run glance image-list and you will see an error indicating an invalid auth token.
The following change fixes the problem, and indicates the root cause: the test for cert file was specific to one of the two files (the signing cert) and thus was never testing for the CA cert.
[ayoung@ayoung keystone]$ git diff
diff --git a/keystone/
index c82e5ef..e042dbb 100644
--- a/keystone/
+++ b/keystone/
@@ -565,8 +565,8 @@ class AuthProtocol(
def cert_file_
- return (called_
- and not os.path.
+ return (called_
+ and not os.path.
def verify_
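Review bot: the rewritten `return (called_...` / `and not os.path....` condition in `cert_file_...` ships without a test in this diff. Since the report says the old condition only ever checked the signing cert, add a test that starts with the signing cert present and the CA cert absent and asserts that the CA cert gets fetched, so the check cannot silently go back to testing a single hard-coded file.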
Changed in keystone: | |
assignee: | nobody → Adam Young (ayoung) |
Changed in keystone: | |
milestone: | none → folsom-3 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | folsom-3 → 2012.2 |
Fix proposed to branch: master
Review: https://review.openstack.org/10536
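The root cause described in the report, modeled as an added example (not keystone's code and not part of the original report): a fetch-on-missing retry loop whose file check ignores which file it was asked about. All function names, file names, the error text and the stand-in verifier are assumptions made for illustration.

```python
import os
import tempfile

def missing_buggy(err_output, file_name, signing_cert):
    # Defect modeled from the report: the check ignores file_name and
    # always tests the signing cert, so the CA cert is never detected.
    return signing_cert in err_output and not os.path.exists(signing_cert)

def missing_fixed(err_output, file_name, signing_cert):
    # Corrected form: test the file the caller is actually asking about.
    return file_name in err_output and not os.path.exists(file_name)

def verify(signing_cert, ca_cert):
    """Constructed stand-in verifier: fails naming the first absent file."""
    for path in (signing_cert, ca_cert):
        if not os.path.exists(path):
            raise RuntimeError("Error opening file " + path)
    return "verified"

def verify_with_fetch(workdir, is_missing, max_tries=5):
    signing = os.path.join(workdir, "signing_cert.pem")  # hypothetical name
    ca = os.path.join(workdir, "cacert.pem")             # hypothetical name
    fetched = []

    def fetch(path):
        # Stand-in for downloading the certificate from the identity service.
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        fetched.append(os.path.basename(path))

    for _ in range(max_tries):
        try:
            return verify(signing, ca), fetched
        except RuntimeError as err:
            if is_missing(str(err), signing, signing):
                fetch(signing)
            elif is_missing(str(err), ca, signing):
                fetch(ca)
            else:
                break  # neither file is reported missing: give up
    return "invalid token", fetched

def run(is_missing):
    # Start from an empty directory, as on a freshly configured service.
    with tempfile.TemporaryDirectory() as workdir:
        return verify_with_fetch(workdir, is_missing)

if __name__ == "__main__":
    print("buggy:", run(missing_buggy))
    print("fixed:", run(missing_fixed))
```

With the buggy check only the signing cert is fetched and verification ends in an invalid-token result; with the corrected check both files are fetched and verification succeeds.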