summaryrefslogtreecommitdiff
path: root/plugins/xenserver
diff options
context:
space:
mode:
authorCorey Wright <corey.wright@rackspace.com>2014-12-19 04:15:30 -0600
committerCorey Wright <corey.wright@rackspace.com>2015-01-07 23:10:00 -0600
commit5b0cf8e0aab88d96df5f0f07c6a06974dd2d6c14 (patch)
tree592574f69fac2d76716aacd5ccfc82463e38c4f9 /plugins/xenserver
parent82b3d9fdd422eb83472999953fafdbc2f2c6a996 (diff)
downloadnova-5b0cf8e0aab88d96df5f0f07c6a06974dd2d6c14.tar.gz
Update WSGI SSL IPv6 test and SSL certificates
Switch the WSGI SSL IPv6 test from urllib2 to Requests because of Python 2.7.9 changes and provide a server SSL certificate that supports IPv6. The test failed on Python 2.7.9 because Python now verifies SSL connections by default (PEP 466) and the test CA certificate was not provided to verify the SSL connection. Passing urllib2.urlopener the test CA certificate through the new cafile parameter allows Python to verify the SSL connection, but is not compatible with prior versions of Python. Requests supports using a CA file regardless of Python 2.7 version. Once using Requests and the test CA certificate to verify the SSL connection the test continued to fail because the previous certificate only specified an IPv4 address, specifically in the deprecated Common Name field, which is unsuitable for verifying an IPv6 address. Error: hostname '::1' doesn't match u'0.0.0.0' A new certificate was created with a wildcard in the Common Name field, but primarily depends on IPv4 and IPv6 localhost names and addresses in the Subject Alternative Name field to accommodate a variety of test scenarios and in line with industry practices (see RFC 2818). The old CA's private key was not available to sign the new server certificate so a new CA certificate was generated and it's public and private keys are provided. Closes-Bug: #1404390 Change-Id: I990d5b5b57d1b5c569aa86828364b3a762d149e1
Diffstat (limited to 'plugins/xenserver')
0 files changed, 0 insertions, 0 deletions