... in an attempt to ensure that verification is performed will be sorely disappointed to learn that it is not, and perhaps left vulnerable. This qualifies as a security fix and *should* be fixed in python-keystoneclient as well as keystonemiddleware.
The scenario where a deployer specifically sets:
ssl_insecure = false
... in an attempt to ensure that verification is performed will be sorely disappointed to learn that it is not, and perhaps left vulnerable. This qualifies as a security fix and *should* be fixed in python- keystoneclient as well as keystonemiddleware.