Add CA Bundle to https_verify documentation

Bug #1797938 reported by Carol Bouchard on 2018-10-15
This bug affects 1 person
Affects: networking-cisco
Importance: Undecided
Assigned to: Carol Bouchard

Bug Description

Improve Nexus documentation and debug code with respect to CA bundle passed to requests package.
This is the write-up sent as part of an email.

Nexus uses the standard Python 'requests' package, which uses OpenSSL. By default, the driver configures
the 'requests' package to perform verification without specifying a CA
list. The driver merely sets the verify boolean to True. When verify
is true, 'requests' looks for the environment variables REQUESTS_CA_BUNDLE
and CURL_CA_BUNDLE. By default, these are not configured, so there exists no default. The user can
set one of these variables (which affects all OpenSSL connections on the system), pass in a path to a CA bundle,
which affects the Nexus driver session only, or provide a server self-signed certificate file.
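
The lookup order described above, as an added example that is not part of the bug report or the networking-cisco code. The function names are hypothetical; `https_verify` and `https_local_certificate` are the option names from the commit message, and the returned value is what would be handed to `requests` as `verify`.

```python
import os

# Environment variables requests consults, in this order, when verify is True.
ENV_VARS = ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE")
PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def count_pem_certs(path):
    """Return how many PEM certificates a file holds (0 if it is missing)."""
    if not os.path.isfile(path):
        return 0
    with open(path, "r", errors="replace") as fh:
        return fh.read().count(PEM_MARKER)


def resolve_verify(https_verify, https_local_certificate=None, environ=None):
    """Return (verify, source): the value for requests' verify= and its origin.

    Hypothetical helper: makes visible which trust anchors a session will use,
    so a debug log can record it before the first HTTPS call is made.
    """
    environ = os.environ if environ is None else environ
    if not https_verify:
        return False, "verification disabled"
    if https_local_certificate:
        # An explicit path is scoped to this session; the environment
        # variables are not consulted when verify is a path.
        if count_pem_certs(https_local_certificate) == 0:
            raise ValueError("no PEM certificate found at %r"
                             % https_local_certificate)
        return https_local_certificate, "https_local_certificate"
    for var in ENV_VARS:
        if environ.get(var):
            # Process-wide setting: applies to every consumer of the variable.
            return environ[var], var
    return True, "requests default"


if __name__ == "__main__":
    # Constructed inputs: no explicit path, one environment variable set.
    fake_env = {"CURL_CA_BUNDLE": "/etc/pki/example/ca-bundle.pem"}
    print(resolve_verify(True, None, fake_env))
```

The first element of the result can be assigned to `requests.Session().verify`; the second is meant for the debug log.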

Changed in networking-cisco:
assignee: nobody → Carol Bouchard (caboucha)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-cisco (master)

Fix proposed to branch: master
Review: https://review.openstack.org/610970

OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-cisco (master)

Reviewed: https://review.openstack.org/610970
Committed: https://git.openstack.org/cgit/openstack/networking-cisco/commit/?id=33896ccaea2e74f8206d65456a7b03798888c1f4
Submitter: Zuul
Branch: master

commit 33896ccaea2e74f8206d65456a7b03798888c1f4
Author: Carol Bouchard <email address hidden>
Date: Tue Oct 16 09:17:01 2018 -0400

    Nexus: Add CA Bundle path to https doc

    Update https_verify/https_local_certificate to include configuring
    CA bundles and not just self-signed certificates. It is better to
    provide your own certificates than rely on DISTROS.

    Change-Id: I948730f62533f627c507387b2b8ad3fdef05f937
    Closes-bug: #1797938

Changed in networking-cisco:
status: In Progress → Fix Released