diff options
author | Corey Wright <corey.wright@rackspace.com> | 2014-12-19 04:15:30 -0600 |
---|---|---|
committer | Corey Wright <corey.wright@rackspace.com> | 2015-01-07 23:10:00 -0600 |
commit | 5b0cf8e0aab88d96df5f0f07c6a06974dd2d6c14 (patch) | |
tree | 592574f69fac2d76716aacd5ccfc82463e38c4f9 /plugins/xenserver | |
parent | 82b3d9fdd422eb83472999953fafdbc2f2c6a996 (diff) | |
download | nova-5b0cf8e0aab88d96df5f0f07c6a06974dd2d6c14.tar.gz |
Update WSGI SSL IPv6 test and SSL certificates
Switch the WSGI SSL IPv6 test from urllib2 to Requests because of
Python 2.7.9 changes and provide a server SSL certificate that
supports IPv6.
The test failed on Python 2.7.9 because Python now verifies SSL
connections by default (PEP 466) and the test CA certificate was not
provided to verify the SSL connection. Passing urllib2.urlopener the
test CA certificate through the new cafile parameter allows Python to
verify the SSL connection, but is not compatible with prior versions
of Python. Requests supports using a CA file regardless of Python 2.7
version.
Once using Requests and the test CA certificate to verify the SSL
connection the test continued to fail because the previous certificate
only specified an IPv4 address, specifically in the deprecated Common
Name field, which is unsuitable for verifying an IPv6 address.
Error: hostname '::1' doesn't match u'0.0.0.0'
A new certificate was created with a wildcard in the Common Name
field, but primarily depends on IPv4 and IPv6 localhost names and
addresses in the Subject Alternative Name field to accommodate a
variety of test scenarios and in line with industry practices (see RFC
2818).
The old CA's private key was not available to sign the new server
certificate so a new CA certificate was generated and it's public and
private keys are provided.
Closes-Bug: #1404390
Change-Id: I990d5b5b57d1b5c569aa86828364b3a762d149e1
Diffstat (limited to 'plugins/xenserver')
0 files changed, 0 insertions, 0 deletions