precise glance-client doesn't validate ssl certificates correctly
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
glance (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
The version of glance-client in precise doesn't appear to validate SSL certificates correctly.
$ dpkg-query -W glance-client
glance-client 2012.1.
$ glance --version
glance 2012.1.3-dev
$ lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
By looking at the code it appears that to specify the CA file you need to set an environment variable GLANCE_
The SSL certificate we're trying to use is from GoDaddy, so I have the certficate authority file from them that I'm pointing GLANCE_
I've also placed it in /usr/local/
$ glance -v -N https:/
Failed to show index. Got error:
Connect error/bad request to Auth service at URL https:/
Completed in 0.0234 sec.
To ensure that the ca files are correct, I validated that connecting via openssl works fine when specifying the files:
# Without the ca files specified:
$ openssl s_client -connect localhost:5000 2> /dev/null | grep "Verify return code"
Verify return code: 21 (unable to verify the first certificate)
# Using gd_bundle.crt
$ openssl s_client -CAfile /usr/local/
Verify return code: 0 (ok)
How do we get the glance command line client to validate correctly with valid SSL certificates?
Status changed to 'Confirmed' because the bug affects multiple users.