Ensure server's SSL cert is validated

A bug was introduced which meant that the server SSL certificate was not being verified. Here we make sure that it is checked (unless the --insecure flag is used). Helps guard against man-in-the-middle attack. Change-Id: I08f30bf3906b6580c871729311343fa8eefda91b Closes-bug: #1357430
author: Stuart McLaren <stuart.mclaren@hp.com> 2014-08-15 14:53:34 +0000
committer: Stuart McLaren <stuart.mclaren@hp.com> 2014-08-19 11:59:49 +0000
commit: d6498b602f4182f6dbd18fd63eaaaaf8b8ada039 (patch)
tree: 603bc539721879bfef2b3a1e2fd155cda8ac0096 /glanceclient/common/https.py
parent: c59ba203dda65b949c49aa480685bec1a344374c (diff)
download: python-glanceclient-d6498b602f4182f6dbd18fd63eaaaaf8b8ada039.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/glanceclient/common/https.py b/glanceclient/common/https.py
index 93c6e6a..4f0e6f5 100644
--- a/glanceclient/common/https.py
+++ b/glanceclient/common/https.py
@@ -77,7 +77,8 @@ class HTTPSAdapter(adapters.HTTPAdapter):
 
     def cert_verify(self, conn, url, verify, cert):
         super(HTTPSAdapter, self).cert_verify(conn, url, verify, cert)
-        conn.insecure = not verify
+        conn.ca_certs = verify[0]
+        conn.insecure = verify[1]
 
 
 class HTTPSConnectionPool(connectionpool.HTTPSConnectionPool):
author	Stuart McLaren <stuart.mclaren@hp.com>	2014-08-15 14:53:34 +0000
committer	Stuart McLaren <stuart.mclaren@hp.com>	2014-08-19 11:59:49 +0000
commit	d6498b602f4182f6dbd18fd63eaaaaf8b8ada039 (patch)
tree	603bc539721879bfef2b3a1e2fd155cda8ac0096 /glanceclient/common/https.py
parent	c59ba203dda65b949c49aa480685bec1a344374c (diff)
download	python-glanceclient-d6498b602f4182f6dbd18fd63eaaaaf8b8ada039.tar.gz