Comment 0 for bug 1872314

Hi,

just run into some issues with tempest-plugins (octavia, murano, ..) which seem not (jet) to set ca_certs during their client-init.

It seems this was no a problem until urllib3 changed the default from "CERT_NONE" to "CERT_REQUIRED" ( => https://urllib3.readthedocs.io/en/latest/user-guide.html#certificate-verification )

This change also makes ca_certificates_file config-option no longer "optional", because afaikt urllib3 isnt using system ca-certs per default, instead tempest should set "certifi.where()" as default.

This would also help/workaround above plugin-issues until they got config-options for ca_certs themselves.

I already created a small patch to fix this, just would like to ask: What do you think about this change?