Change glance to require server certificate validation
by default when using https. The standard system
CA file will be used if available (and an alternative was not
provided).
The --insecure option can be used by clients to skip server
certificate validation if appropriate.
* This change will impact Nova clients accessing glance over https.
If the standard CA file is not suitable they will need to provide
a CA file or else create an 'insecure' glance client.
* Accesses to a https registry server must now perform server
certificate validation.
* If the package which provides the standard
system CA file is installed then that file will be used by default.
It probably makes sense for the glance package to have a
dependency on whichever package provides the default CA bundle.
(In Ubuntu this is 'ca-certificates')
Reviewed: https:/ /review. openstack. org/3971 github. com/openstack/ glance/ commit/ 0f0fe2ba1b772e6 964241c0631683b 306fff23c0
Committed: http://
Submitter: Jenkins
Branch: master
commit 0f0fe2ba1b772e6 964241c0631683b 306fff23c0
Author: Stuart McLaren <email address hidden>
Date: Thu Feb 9 18:10:42 2012 +0000
New -k/--insecure command line option
Fix for bug 929591.
Change glance to require server certificate validation
by default when using https. The standard system
CA file will be used if available (and an alternative was not
provided).
The --insecure option can be used by clients to skip server
certificate validation if appropriate.
* This change will impact Nova clients accessing glance over https.
If the standard CA file is not suitable they will need to provide
a CA file or else create an 'insecure' glance client.
* Accesses to a https registry server must now perform server
certificate validation.
* If the package which provides the standard
system CA file is installed then that file will be used by default.
It probably makes sense for the glance package to have a
dependency on whichever package provides the default CA bundle.
(In Ubuntu this is 'ca-certificates')
Change-Id: I7c83361ba08815 59ec77d4baf10df eb5b8e32185