cloudify-openstack-plugin icon indicating copy to clipboard operation
cloudify-openstack-plugin copied to clipboard

Published 20 hours ago verified publisher icon cloudify-cosmo

Impossible to specify CA cert

Open isaac-s opened this issue 7 years ago • 0 comments

It is impossible to specify a CA cert to use for authenticating OpenStack's certificate.

Unless OpenStack's cert is trusted by a CA that is included in the requests library itself (note that the requests library does NOT consult the CA certs bundle of the OS), the user must specify insecure: True in order to connect, but this is not secure.

The reason is:

https://github.com/cloudify-cosmo/cloudify-openstack-plugin/blob/2.5.0/openstack_plugin_common/init.py#L588

This function will always end up passing either True or False to the verify kwarg of session.Session. We should also allow a string to be passed on. The string would be the path to the cert.

isaac-s avatar Jan 09 '18 00:01 isaac-s