Specify CA store when making secure connections with urllib32.29.1

We have been using FileHandle classes mostly in cases when we have to establish secure connection and we have an SSL thumbprint of the host we connect to. However, there are also cases when we don't have a thumbprint and we need CA store. This patch uses the requests library to provide such CA store. Change-Id: I8567c8c273a3bff41c4b80a77e1fa8af743bf98c
author: Radoslav Gerganov <rgerganov@vmware.com> 2018-05-18 13:18:58 +0300
committer: Radoslav Gerganov <rgerganov@vmware.com> 2018-05-21 12:40:01 +0300
commit: 984efbdfd2e765ba5a82c7a8c496c0e202b2e96f (patch)
tree: be6001090b581b86f9e613978899a4e1243e6298
parent: d9b09a58d5954d1cbd5f689236438e6ce7ecf542 (diff)
download: oslo-vmware-2.29.1.tar.gz
2 files changed, 7 insertions, 3 deletions
diff --git a/oslo_vmware/rw_handles.py b/oslo_vmware/rw_handles.py
index e2f1bed..3a01ed9 100644
--- a/oslo_vmware/rw_handles.py
+++ b/oslo_vmware/rw_handles.py
@@ -78,7 +78,7 @@ class FileHandle(object):
                     cert_reqs = ssl.CERT_REQUIRED
                 else:
                     cert_reqs = ssl.CERT_NONE
-                cacerts = None
+                cacerts = requests.certs.where()
             conn.set_cert(ca_certs=cacerts, cert_reqs=cert_reqs,
                           assert_fingerprint=ssl_thumbprint)
         else:
diff --git a/oslo_vmware/tests/test_rw_handles.py b/oslo_vmware/tests/test_rw_handles.py
index ba33ce5..064ad8e 100644
--- a/oslo_vmware/tests/test_rw_handles.py
+++ b/oslo_vmware/tests/test_rw_handles.py
@@ -20,6 +20,7 @@ Unit tests for read and write handles for image transfer.
 import ssl
 
 import mock
+import requests
 import six
 
 from oslo_vmware import exceptions
@@ -57,8 +58,10 @@ class FileHandleTest(base.TestCase):
         ret = handle._create_connection('https://localhost/foo?q=bar', 'GET')
 
         self.assertEqual(conn, ret)
+        ca_store = requests.certs.where()
         conn.set_cert.assert_called_once_with(
-            ca_certs=None, cert_reqs=ssl.CERT_NONE, assert_fingerprint=None)
+            ca_certs=ca_store, cert_reqs=ssl.CERT_NONE,
+            assert_fingerprint=None)
         conn.putrequest.assert_called_once_with('GET', '/foo?q=bar')
 
     @mock.patch('urllib3.connection.HTTPSConnection')
@@ -71,8 +74,9 @@ class FileHandleTest(base.TestCase):
                                         cacerts=True)
 
         self.assertEqual(conn, ret)
+        ca_store = requests.certs.where()
         conn.set_cert.assert_called_once_with(
-            ca_certs=None, cert_reqs=ssl.CERT_REQUIRED,
+            ca_certs=ca_store, cert_reqs=ssl.CERT_REQUIRED,
             assert_fingerprint=None)
 
     @mock.patch('urllib3.connection.HTTPSConnection')
author	Radoslav Gerganov <rgerganov@vmware.com>	2018-05-18 13:18:58 +0300
committer	Radoslav Gerganov <rgerganov@vmware.com>	2018-05-21 12:40:01 +0300
commit	984efbdfd2e765ba5a82c7a8c496c0e202b2e96f (patch)
tree	be6001090b581b86f9e613978899a4e1243e6298
parent	d9b09a58d5954d1cbd5f689236438e6ce7ecf542 (diff)
download	oslo-vmware-2.29.1.tar.gz