diff options
author | Radoslav Gerganov <rgerganov@vmware.com> | 2018-05-18 13:18:58 +0300 |
---|---|---|
committer | Radoslav Gerganov <rgerganov@vmware.com> | 2018-05-21 12:40:01 +0300 |
commit | 984efbdfd2e765ba5a82c7a8c496c0e202b2e96f (patch) | |
tree | be6001090b581b86f9e613978899a4e1243e6298 | |
parent | d9b09a58d5954d1cbd5f689236438e6ce7ecf542 (diff) | |
download | oslo-vmware-2.29.1.tar.gz |
Specify CA store when making secure connections with urllib32.29.1
We have been using FileHandle classes mostly in cases when we have to
establish secure connection and we have an SSL thumbprint of the host we
connect to. However, there are also cases when we don't have a
thumbprint and we need CA store. This patch uses the requests library to
provide such CA store.
Change-Id: I8567c8c273a3bff41c4b80a77e1fa8af743bf98c
-rw-r--r-- | oslo_vmware/rw_handles.py | 2 | ||||
-rw-r--r-- | oslo_vmware/tests/test_rw_handles.py | 8 |
2 files changed, 7 insertions, 3 deletions
diff --git a/oslo_vmware/rw_handles.py b/oslo_vmware/rw_handles.py index e2f1bed..3a01ed9 100644 --- a/oslo_vmware/rw_handles.py +++ b/oslo_vmware/rw_handles.py @@ -78,7 +78,7 @@ class FileHandle(object): cert_reqs = ssl.CERT_REQUIRED else: cert_reqs = ssl.CERT_NONE - cacerts = None + cacerts = requests.certs.where() conn.set_cert(ca_certs=cacerts, cert_reqs=cert_reqs, assert_fingerprint=ssl_thumbprint) else: diff --git a/oslo_vmware/tests/test_rw_handles.py b/oslo_vmware/tests/test_rw_handles.py index ba33ce5..064ad8e 100644 --- a/oslo_vmware/tests/test_rw_handles.py +++ b/oslo_vmware/tests/test_rw_handles.py @@ -20,6 +20,7 @@ Unit tests for read and write handles for image transfer. import ssl import mock +import requests import six from oslo_vmware import exceptions @@ -57,8 +58,10 @@ class FileHandleTest(base.TestCase): ret = handle._create_connection('https://localhost/foo?q=bar', 'GET') self.assertEqual(conn, ret) + ca_store = requests.certs.where() conn.set_cert.assert_called_once_with( - ca_certs=None, cert_reqs=ssl.CERT_NONE, assert_fingerprint=None) + ca_certs=ca_store, cert_reqs=ssl.CERT_NONE, + assert_fingerprint=None) conn.putrequest.assert_called_once_with('GET', '/foo?q=bar') @mock.patch('urllib3.connection.HTTPSConnection') @@ -71,8 +74,9 @@ class FileHandleTest(base.TestCase): cacerts=True) self.assertEqual(conn, ret) + ca_store = requests.certs.where() conn.set_cert.assert_called_once_with( - ca_certs=None, cert_reqs=ssl.CERT_REQUIRED, + ca_certs=ca_store, cert_reqs=ssl.CERT_REQUIRED, assert_fingerprint=None) @mock.patch('urllib3.connection.HTTPSConnection') |