2020-04-12 16:17:59 |
Fabian Zimmermann |
description |
Hi,
just run into some issues with tempest-plugins (octavia, murano, ..) which seem not (jet) to set ca_certs during their client-init.
It seems this was no a problem until urllib3 changed the default from "CERT_NONE" to "CERT_REQUIRED" ( => https://urllib3.readthedocs.io/en/latest/user-guide.html#certificate-verification )
This change also makes ca_certificates_file config-option no longer "optional", because afaikt urllib3 isnt using system ca-certs per default, instead tempest should set "certifi.where()" as default.
This would also help/workaround above plugin-issues until they got config-options for ca_certs themselves.
I already created a small patch to fix this, just would like to ask: What do you think about this change? |
Hi,
just run into some issues with tempest-plugins (octavia, murano, ..) which seem not (jet) to set ca_certs during their client-init.
It seems this was no problem until urllib3 changed the default from "CERT_NONE" to "CERT_REQUIRED" ( => https://urllib3.readthedocs.io/en/latest/user-guide.html#certificate-verification )
This change also makes the "ca_certificates_file" config-option no longer "optional", because afaik urllib3 isnt using system ca-certs per default, instead tempest should set "certifi.where()" as default.
This would also help/workaround above plugin-issues until they got config-options for ca_certs themselves.
I already created a small patch to fix this, just would like to ask: What do you think about this change? |
|