womax/python-glanceclient
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support --os-cacert

Browse Source 
* Rename --ca-file to --os-cacert (--ca-file deprecated for
  backward compatibility)
* Add cacert to keystoneclient initialization to verify the
  keystone server certificate

This aligns glanceclient with keystoneclient for option naming
and the use of TLS for the keystone auth connection.  It does not
change the use of TLS/SSL for the glance connection.

Change-Id: If8b05655aea5f3c62612d77bf947dd790f77eddf
This commit is contained in:
Dean Troyer
2012-12-07 11:21:11 -06:00
committed by Brian Waldon
parent 2500e69b22
commit 4781da7007
3 changed files with 30 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
glanceclient/common/http.py
+7 -7
View File
@@ -74,7 +74,7 @@ class HTTPClient(object):
_kwargs = {'timeout': float(kwargs.get('timeout', 600))}
if scheme == 'https':
_kwargs['ca_file'] = kwargs.get('ca_file', None)
_kwargs['cacert'] = kwargs.get('cacert', None)
_kwargs['cert_file'] = kwargs.get('cert_file', None)
_kwargs['key_file'] = kwargs.get('key_file', None)
_kwargs['insecure'] = kwargs.get('insecure', False)
@@ -100,7 +100,7 @@ class HTTPClient(object):
conn_params_fmt = [
('key_file', '--key %s'),
('cert_file', '--cert %s'),
('ca_file', '--cacert %s'),
('cacert', '--cacert %s'),
]
for (key, fmt) in conn_params_fmt:
value = self.connection_kwargs.get(key)
@@ -247,7 +247,7 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
with native Python 3.3 code.
"""
def __init__(self, host, port, key_file=None, cert_file=None,
ca_file=None, timeout=None, insecure=False,
cacert=None, timeout=None, insecure=False,
ssl_compression=True):
httplib.HTTPSConnection.__init__(self, host, port,
key_file=key_file,
@@ -257,7 +257,7 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
self.timeout = timeout
self.insecure = insecure
self.ssl_compression = ssl_compression
self.ca_file = ca_file
self.cacert = cacert
self.setcontext()
@staticmethod
@@ -341,11 +341,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
msg = 'Unable to load key from "%s" %s' % (self.key_file, e)
raise exc.SSLConfigurationError(msg)
if self.ca_file:
if self.cacert:
try:
self.context.load_verify_locations(self.ca_file)
self.context.load_verify_locations(self.cacert)
except Exception, e:
msg = 'Unable to load CA from "%s"' % (self.ca_file, e)
msg = 'Unable to load CA from "%s"' % (self.cacert, e)
raise exc.SSLConfigurationError(msg)
else:
self.context.set_default_verify_paths()