tempest

disable_ssl_certificate_validation is broken

Bug #1542278 reported by Joseph Lanoux on 2016-02-05

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	tempest	Invalid	Undecided	Unassigned

Bug Description

It seems that there is a regression here.

If tempest.conf is configure with disable_ssl_certificate_validation = true, with no ca_certificates_file defined and with an auth_url in https, Tempest will fail with SSH certificate errors.
But if you add a ca_certificates_file but still have disable_ssl_certificate_validation = true, Tempest is happy.

The behaviour should be that if an auth_url in https is provided and disable_ssl_certificate_validation = true, whether a ca_certificates_file is given or not, Tempest should fail with a nice SSL message.

Anthony Washington (anthony-washington) on 2016-07-13

Changed in tempest:
assignee:	nobody → Anthony Washington (anthony-washington)

Anthony Washington (anthony-washington) on 2016-07-13

Changed in tempest:
status:	New → In Progress

Anthony Washington (anthony-washington) on 2016-07-13

Changed in tempest:
status:	In Progress → Confirmed

Anthony Washington (anthony-washington) on 2017-01-23

Changed in tempest:
assignee:	Anthony Washington (anthony-washington) → nobody

Revision history for this message

Martin Kopec (mkopec) wrote on 2021-01-08:

Might be related to https://bugs.launchpad.net/tempest/+bug/1907554

Revision history for this message

Martin Kopec (mkopec) wrote on 2021-01-11:

[identity]
disable_ssl_certificate_validation = True
ca_certificates_file = <path to the ca file>

tests pass and it doesn't matter if the ca_certificates_file is set or not.

disable_ssl_certificate_validation = False

then ca_certificates_file has to be set, otherwise tests will fail with:

urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.0.146.86', port=443): Max retries exceeded with url: /identity/v3/auth/tokens (Caused by SSLError(FileNotFoundError(2, 'No such file or directory'),))

Seems that it works as expected. Considering that the bug was filed almost 5 years ago, it's very possible that this has got addressed already as the code base has changed significantly since 5 years ago.

Revision history for this message

Martin Kopec (mkopec) wrote on 2021-01-11:

Marking as Invalid, see the previous comment for explanation.

Changed in tempest:
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.