Tempest dishonors disable_ssl_certificate_validation values if ca_certificates file is defined

Bug #1705769 reported by Anna Pankiewicz
This bug affects 1 person
Affects: tempest
Status: Fix Released
Importance: Undecided
Assigned to: Anna Pankiewicz
Milestone:

Bug Description

in tempest.lib.common.http_py:

In ClosingHttp.__init__, if disable_ssl_certification_validation is True and ca_certs is defined, tempest should not try to validate the ca_certificates file. If the certificate is self-signed, the validation will execute and fail. As it is right now, if both of those values are defined, tempest.conf will try to validate the self-signed certs and it will fail. Instead, it should support self-signed certs that will not pass validation. The code should be re-sequenced to disable certificate validation even if the ca_cert location is provided.

Changed in tempest:
assignee: nobody → Anna Pankiewicz (apankiewicz)
Changed in tempest:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/486748

OpenStack Infra (hudson-openstack) wrote : Fix merged to tempest (master)

Reviewed: https://review.openstack.org/486748
Committed: https://git.openstack.org/cgit/openstack/tempest/commit/?id=c6a79056ca6ecdfcb070a931e874d68a4a3b06df
Submitter: Jenkins
Branch: master

commit c6a79056ca6ecdfcb070a931e874d68a4a3b06df
Author: Anna Pankiewicz <email address hidden>
Date: Mon Jul 24 10:38:35 2017 -0500

    Fix disable_ssl_certificate_validation values if ca_certificates file is defined

    In ClosingHttp.__init__, if disable_ssl_certification_validation is True and
    ca_certs is defined, tempest should not try to validate the ca_certificates
    file. If the certificate is self-signed, the validation will execute and fail.
    As it is right now if both of those values are defined, tempest.conf will try
    to validate the self-signed certs and it will fail. Instead, it should support
    self-signed certs that will not pass validation. The code should be refactored
    to correctly disable certificate validation even if the ca_cert location is
    provided.

    Change-Id: Iae42b5c2b4381947df71004613ca0a82b29730bb
    Closes-Bug: #1705769

Changed in tempest:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tempest 17.0.0

This issue was fixed in the openstack/tempest 17.0.0 release.
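
The precedence problem this report describes, as an added illustration (not tempest's code and not part of the original report or commit): two independent checks let the ca_certs branch overwrite the disable flag, while an if/elif gives the flag priority. The function names, the urllib3-style `cert_reqs` key and the CA path are assumptions made for this sketch.

```python
import ssl

def resolve_sequenced(disable_validation=False, ca_certs=None):
    """Order described in the report: the ca_certs branch runs last and wins."""
    kwargs = {}
    if disable_validation:
        kwargs["cert_reqs"] = "CERT_NONE"
    if ca_certs:  # independent check, so it overwrites CERT_NONE
        kwargs["cert_reqs"] = "CERT_REQUIRED"
        kwargs["ca_certs"] = ca_certs
    return kwargs

def resolve_resequenced(disable_validation=False, ca_certs=None):
    """Re-sequenced order: the disable flag takes precedence over ca_certs."""
    kwargs = {}
    if disable_validation:
        kwargs["cert_reqs"] = "CERT_NONE"
    elif ca_certs:
        kwargs["cert_reqs"] = "CERT_REQUIRED"
        kwargs["ca_certs"] = ca_certs
    return kwargs

def effective_verify_mode(kwargs):
    """Apply the resolved settings to a client SSLContext and report its mode.
    The CA bundle is not loaded, so this runs without the file present."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # default: CERT_REQUIRED
    if kwargs.get("cert_reqs") == "CERT_NONE":
        ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
        ctx.verify_mode = ssl.CERT_NONE
    return ctx.verify_mode

def precedence_table(resolver, ca_path="/etc/tempest/constructed-ca.pem"):
    """Verify mode for all four flag combinations (ca_path is a constructed value)."""
    return {
        (disable, bool(ca)): effective_verify_mode(resolver(disable, ca)).name
        for disable in (False, True)
        for ca in (None, ca_path)
    }

if __name__ == "__main__":
    for name, fn in (("sequenced", resolve_sequenced),
                     ("re-sequenced", resolve_resequenced)):
        for (disable, has_ca), mode in precedence_table(fn).items():
            print(f"{name:13} disable={disable!s:5} ca_certs={has_ca!s:5} -> {mode}")
```

Only the combination with both options set differs between the two orderings; the other three rows are identical.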
