Comment 3 for bug 1404390

Reviewed: https://review.openstack.org/143072
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=5b0cf8e0aab88d96df5f0f07c6a06974dd2d6c14
Submitter: Jenkins
Branch: master

commit 5b0cf8e0aab88d96df5f0f07c6a06974dd2d6c14
Author: Corey Wright <email address hidden>
Date: Fri Dec 19 04:15:30 2014 -0600

    Update WSGI SSL IPv6 test and SSL certificates

    Switch the WSGI SSL IPv6 test from urllib2 to Requests because of
    Python 2.7.9 changes and provide a server SSL certificate that
    supports IPv6.

    The test failed on Python 2.7.9 because Python now verifies SSL
    connections by default (PEP 466) and the test CA certificate was not
    provided to verify the SSL connection. Passing urllib2.urlopener the
    test CA certificate through the new cafile parameter allows Python to
    verify the SSL connection, but is not compatible with prior versions
    of Python. Requests supports using a CA file regardless of Python 2.7
    version.

    Once using Requests and the test CA certificate to verify the SSL
    connection the test continued to fail because the previous certificate
    only specified an IPv4 address, specifically in the deprecated Common
    Name field, which is unsuitable for verifying an IPv6 address.

        Error: hostname '::1' doesn't match u'0.0.0.0'

    A new certificate was created with a wildcard in the Common Name
    field, but primarily depends on IPv4 and IPv6 localhost names and
    addresses in the Subject Alternative Name field to accommodate a
    variety of test scenarios and in line with industry practices (see RFC
    2818).

    The old CA's private key was not available to sign the new server
    certificate so a new CA certificate was generated and it's public and
    private keys are provided.

    Closes-Bug: #1404390

    Change-Id: I990d5b5b57d1b5c569aa86828364b3a762d149e1