From 4c14f1edfc0db67959d3899c7537c0be46d0908c Mon Sep 17 00:00:00 2001 From: Major Hayden Date: Thu, 28 Jul 2016 11:44:46 -0500 Subject: [PATCH] Fix get_url SNI issues in CentOS 7 CentOS 7 comes with Python 2.7.5, which does not have support for servers that use Server Name Indication (SNI) to host more than one SSL certificate on the same IP address. Three Python modules are required on CentOS 7 systems to add this support: * pyasn1 * pyOpenSSL * ndg-httpsclient This patch should prevent the SSL verification issues that occur when the RabbitMQ RPMs are downloaded with get_url. Closes-bug: 1604922 Change-Id: Ia14f25ed0ae399cfea6177adb6d34582a40c9249 --- run_tests.sh | 4 ++++ test-requirements.txt | 8 ++++++++ tox.ini | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/run_tests.sh b/run_tests.sh index f7a19cc7..40cb7ffe 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -22,6 +22,10 @@ if [ "$(which apt-get)" ]; then apt-get install -y build-essential python2.7 python-dev git-core libssl-dev libffi-dev fi +if [ "$(which yum)" ]; then + yum install -y '@Development Tools' python-devel git libffi-devel openssl-devel +fi + # get pip, if necessary if [ ! "$(which pip)" ]; then curl --silent --show-error --retry 5 \ diff --git a/test-requirements.txt b/test-requirements.txt index eff30296..9b509570 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -9,3 +9,11 @@ sphinx!=1.3b1,<1.3,>=1.2.1 # BSD oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 doc8 # Apache-2.0 reno>=1.8.0 # Apache2 + +# NOTE(mhayden): CentOS 7 has Python 2.7.5, which has no SNI support built in. +# Two of the required Python modules for SNI support are here +# and the remaining one (ndg-httpsclient) is in the tox.ini +# since this module isn't found within the global requirements +# list. +pyasn1 # BSD +pyOpenSSL>=0.14 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 9409a649..89d384b7 100644 --- a/tox.ini +++ b/tox.ini 
@@ -105,6 +105,12 @@ deps = {[testenv]deps} ansible==1.9.4 ansible-lint>=2.7.0,<3.0.0 + # NOTE(mhayden): CentOS 7 has Python 2.7.5, which has no SNI support built + # in. Two modules exist in global requirements, and they are + # in test-requirements.txt. This one isn't found in the + # global requirements list, so it needs to be manually added + # here. + ndg-httpsclient setenv = {[testenv]setenv} ANSIBLE_HOST_KEY_CHECKING = False
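Review bot: In the run_tests.sh hunk, the new `if [ "$(which yum)" ]; then` branch carries no comment tying it to the SNI fix, so a later reader cannot tell which of the packages on the `yum install -y` line exist only to build the new Python modules and which are general test prerequisites. The branch is also keyed on the presence of `yum` rather than on the Python version the commit message blames, so it runs on every yum-based host. Suggest a one-line comment above the branch naming the packages that the pyOpenSSL build needs, in the same NOTE(mhayden) style used in the other two files.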
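Review bot: In the test-requirements.txt hunk, `pyasn1 # BSD` is added with no version bound while the line below it sets a floor (`pyOpenSSL>=0.14`), and every other entry visible in the hunk's context carries a bound or an exclusion. If a minimum pyasn1 version is needed for the SNI path to work, state it here; if any version is acceptable, say so in the NOTE so the missing bound reads as deliberate. Both modules are also installed on every platform that uses this file, not only on CentOS 7 with Python 2.7.5, and the NOTE should say whether that is intended.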
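Review bot: In the tox.ini hunk, `ndg-httpsclient` is added with no version constraint, while the neighbouring deps are pinned (`ansible==1.9.4`, `ansible-lint>=2.7.0,<3.0.0`). The comment explains that the module is outside the global requirements list, which means nothing else bounds it, and it is one of the three modules the commit message relies on for certificate verification with SNI. Suggest adding at least a lower bound, or an exact pin, so the TLS behaviour of this test environment does not change when a new release is published. The module is also added only to this environment's `deps`, so any other tox environment that runs get_url on CentOS 7 would still lack it; confirm that this is the only environment affected.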