Sean, well, you could get them with:
import ssl ssl.get_default_verify_paths().openssl_cafile
as opposed to using the set_.* function.
Currently, the default CA bundle is the same as the one for python-requests, since it's what keystoneauth's session uses. And it's using some default already: http://docs.python-requests.org/en/master/user/advanced/#ca-certificates
So you might want to discuss this in the mailing list, since this might change the behavior of a LOT of OpenStack services, since most use keystoneauth's sessions.
Sean, well, you could get them with:
import ssl default_ verify_ paths() .openssl_ cafile
ssl.get_
as opposed to using the set_.* function.
Currently, the default CA bundle is the same as the one for python-requests, since it's what keystoneauth's session uses. And it's using some default already: http:// docs.python- requests. org/en/ master/ user/advanced/ #ca-certificate s
So you might want to discuss this in the mailing list, since this might change the behavior of a LOT of OpenStack services, since most use keystoneauth's sessions.