42b0240bed
The current SSL cert contains '::1' as a DNSName[1] which is clearly an ipaddress. When PyOpenSSL is installed this causes the cert to discard the entire SubjectAlternateName attribute which causes something like: WARNING [urllib3.contrib.pyopenssl] A problem was encountered with the certificate that prevented urllib3 from finding the SubjectAlternativeName field. This can affect certificate validation. The error was Codepoint U+003A at position 1 of u'::1' not allowed ERROR [urllib3.connection] Certificate did not match expected hostname: 127.0.0.1. Certificate: {'subject': ((('commonName', u'*'),),), 'subjectAltName': []} The latest release of python-glanceclient now requires PyOpenSSL causing the wsgi unit tests to fail. This change alters the Alternate names to: DNS = localhost DNS = ip6-localhost IP Address = 127.0.0.1 IP Address = ::1 And introduces a script to regenerate the cert if needed in the future. [1]: DNS = localhost DNS = ip6-localhost DNS = 127.0.0.1 DNS = ::1 IP Address = 127.0.0.1 IP Address = ::1 Change-Id: I35fa11660b9ff778f868af98802cb40ab3e2ce60 Related-Change: Ibd43976e46a531556739eafcf326b64e33366610 |
||
---|---|---|
.. | ||
ca.crt | ||
ca.key | ||
certificate.cnf | ||
certificate.crt | ||
new_cert.sh | ||
privatekey.key |