fix working with incorrect certificate

use 'insecure' flag from config

Change-Id: I880dffc58ab428dcd0aacf62815faeddc0321e9f

ec2api/api/__init__.py

@@ -38,6 +38,7 @@ from ec2api.api import faults
 from ec2api import context
 from ec2api import exception
 from ec2api.i18n import _
+from ec2api import utils
 from ec2api import wsgi
 
 
@@ -222,9 +223,9 @@ class EC2KeystoneAuth(wsgi.Middleware):
             creds = {'auth': {'OS-KSEC2:ec2Credentials': cred_dict}}
         creds_json = jsonutils.dumps(creds)
         headers = {'Content-Type': 'application/json'}
-
-        response = requests.request('POST', token_url,
-                                    data=creds_json, headers=headers)
+        params = {'data': creds_json, 'headers': headers}
+        utils.update_request_params_with_ssl(params)
+        response = requests.request('POST', token_url, **params)
         status_code = response.status_code
         if status_code != 200:
             msg = response.reason
@@ -240,7 +241,9 @@ class EC2KeystoneAuth(wsgi.Middleware):
             return faults.ec2_error_response(request_id, "AuthFailure", msg,
                                              status=400)
         auth = keystone_identity_access.AccessInfoPlugin(auth_ref)
-        session = keystone_session.Session(auth=auth)
+        params = {'auth': auth}
+        utils.update_request_params_with_ssl(params)
+        session = keystone_session.Session(**params)
         remote_address = req.remote_addr
         if CONF.use_forwarded_for:
             remote_address = req.headers.get('X-Forwarded-For',

ec2api/context.py

@@ -27,6 +27,7 @@ import six
 
 from ec2api import exception
 from ec2api.i18n import _, _LW
+from ec2api import utils
 
 
 ec2_opts = [
@@ -176,7 +177,9 @@ def get_os_admin_context():
             tenant_name=CONF.admin_tenant_name,
             auth_url=CONF.keystone_url,
         )
-        _admin_session = keystone_session.Session(auth=auth)
+        params = {'auth': auth}
+        utils.update_request_params_with_ssl(params)
+        _admin_session = keystone_session.Session(**params)
 
     return RequestContext(
             None, None,

ec2api/utils.py

@@ -79,3 +79,9 @@ def xhtml_escape(value):
 
     """
     return saxutils.escape(value, {'"': '"', "'": '''})
+
+
+def update_request_params_with_ssl(params):
+    verify = CONF.ssl_ca_file or not CONF.ssl_insecure
+    if verify is not True:
+        params['verify'] = verify

ec2api/wsgi.py

@@ -47,6 +47,9 @@ wsgi_opts = [
              'generate log lines. The following values can be formatted '
              'into it: client_ip, date_time, request_line, status_code, '
              'body_length, wall_seconds.'),
+    cfg.BoolOpt('ssl_insecure',
+                default=False,
+                help="Verify HTTPS connections."),
     cfg.StrOpt('ssl_ca_file',
                help="CA certificate file to use to verify "
                     "connecting clients"),