Default to requests cert bundle instead of nothing
Bug #1362179 reported by
Rob Crittenden
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance Client |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
If no CA certificate was provided to a glance client call then verify is set to None which generally results in failure because there are no CA certs at all to validate against. It should instead default to requests.
From certs.py:
"This module returns the preferred default CA certificate bundle.
If you are packaging Requests, e.g., for a Linux distribution or a managed
environment, you can change the definition of where() to return a separately
packaged CA bundle."
In Fedora/RHEL this is set to /etc/pki/
In Ubuntu 14.04 and Debian Wheezy it is set to /etc/ssl/
Changed in python-glanceclient: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/117247 /git.openstack. org/cgit/ openstack/ python- glanceclient/ commit/ ?id=929a72e76fe 1dd72e8fa28a8e3 e1b574a6c19973
Committed: https:/
Submitter: Jenkins
Branch: master
commit 929a72e76fe1dd7 2e8fa28a8e3e1b5 74a6c19973
Author: Rob Crittenden <email address hidden>
Date: Tue Aug 26 18:12:19 2014 -0400
Default to system CA bundle if no CA certificate is provided
If no CA certificate is provided to be used for validation then requests.
fall back to the system-wide CA bundle as presented by
python-
Change-Id: I05206a868150d4 b62b6f1b833310e b9b86b7c4f8
Closes-bug: #1362179