Fix verification of certificates signed by a private CA
When using a certificate that was signed by a private CA (including self-signed certs) on Neutron endpoints, certificate verification fails. This was because the custom certificate was not used when creating user's session even though the custom certificate file path is provided in octavia.conf. Fixing by feeding neutron cafile as a keyword argument.

Closes-Bug: #2046382
Co-authored-by: Ilia Kerbs <ikerbs@protonmail.com>
Change-Id: Ia92fa6140b0fc608281e846d0635dd28217f2630
parent 9f0634c23a
commit b0aa2a36f1
@ -111,6 +111,7 @@ class NeutronAuth:
|
||||
client.
|
||||
"""
|
||||
sess = keystone.KeystoneSession('neutron').get_session()
|
||||
kwargs = {}
|
||||
neutron_endpoint = CONF.neutron.endpoint_override
|
||||
if neutron_endpoint is None:
|
||||
endpoint_data = sess.get_endpoint_data(
|
||||
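Review bot: `kwargs = {}` in this hunk is initialised well before the point where it is first populated, and the generic name does not say that it holds arguments for `session.Session`. Consider declaring it next to the `verify` logic under a name such as `session_kwargs`, so the reader sees the dict and its only use together.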
@ -119,8 +120,13 @@ class NeutronAuth:
|
||||
region_name=CONF.neutron.region_name)
|
||||
neutron_endpoint = endpoint_data.catalog_url
|
||||
|
||||
neutron_cafile = getattr(CONF.neutron, "cafile", None)
|
||||
insecure = getattr(CONF.neutron, "insecure", False)
|
||||
kwargs['verify'] = not insecure
|
||||
if neutron_cafile is not None and not insecure:
|
||||
kwargs['verify'] = neutron_cafile
|
||||
user_auth = token_endpoint.Token(neutron_endpoint, context.auth_token)
|
||||
user_sess = session.Session(auth=user_auth)
|
||||
user_sess = session.Session(auth=user_auth, **kwargs)
|
||||
|
||||
conn = openstack.connection.Connection(
|
||||
session=user_sess, oslo_conf=CONF)
|
||||
|
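Review bot: In the new `verify` logic, a true `insecure` sets `kwargs['verify']` to False, so the session that carries `context.auth_token` skips certificate verification without any log line, and a configured `cafile` is silently ignored in that case. Consider logging a warning when `insecure` is set, and adding a unit test that asserts the `verify` value passed to `session.Session` for the three cases (insecure set, `cafile` set, neither set).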
@ -0,0 +1,5 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fix verification of certificates signed by a private CA when using Neutron
|
||||
endpoints.
|
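Review bot: The release note does not name the configuration that now takes effect. State that the `cafile` and `insecure` options of the `[neutron]` section in octavia.conf are applied to the user's session, so operators running a private CA know which setting to check after upgrading.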