1987fcc8a3
If the version of python-requests required is higher than that provided by the operating system, pip will install it from upstream. The upstream version provides its own CA certificate bundle based on the Mozilla bundle, and defaults to that in case a CA certificate file is not specified for a request. The distribution-specific packages point to the system-wide CA bundle that can be managed by tools such as update-ca-trust (Fedora/RHEL) and update-ca-certificates (Debian/Ubuntu). When installing in SSL/TLS mode, either with SSL=True or by adding tls-proxy to ENABLED_SERVICES, if a non-systemwide CA bundle is used, then the CA generated by devstack will not be used causing the installation to fail. Replace the upstream-provided bundle with a link to the system bundle when possible. Change-Id: I651aec93398d583dcdc8323503792df7ca05a7e7 Closes-Bug: #1459789
13 KiB
13 KiB