diff --git a/glanceclient/common/http.py b/glanceclient/common/http.py index 2f35dac4..f905b0d3 100644 --- a/glanceclient/common/http.py +++ b/glanceclient/common/http.py @@ -74,7 +74,7 @@ class HTTPClient(object): _kwargs = {'timeout': float(kwargs.get('timeout', 600))} if scheme == 'https': - _kwargs['ca_file'] = kwargs.get('ca_file', None) + _kwargs['cacert'] = kwargs.get('cacert', None) _kwargs['cert_file'] = kwargs.get('cert_file', None) _kwargs['key_file'] = kwargs.get('key_file', None) _kwargs['insecure'] = kwargs.get('insecure', False) @@ -100,7 +100,7 @@ class HTTPClient(object): conn_params_fmt = [ ('key_file', '--key %s'), ('cert_file', '--cert %s'), - ('ca_file', '--cacert %s'), + ('cacert', '--cacert %s'), ] for (key, fmt) in conn_params_fmt: value = self.connection_kwargs.get(key) @@ -247,7 +247,7 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection): with native Python 3.3 code. """ def __init__(self, host, port, key_file=None, cert_file=None, - ca_file=None, timeout=None, insecure=False, + cacert=None, timeout=None, insecure=False, ssl_compression=True): httplib.HTTPSConnection.__init__(self, host, port, key_file=key_file, @@ -257,7 +257,7 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection): self.timeout = timeout self.insecure = insecure self.ssl_compression = ssl_compression - self.ca_file = ca_file + self.cacert = cacert self.setcontext() @staticmethod @@ -341,11 +341,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection): msg = 'Unable to load key from "%s" %s' % (self.key_file, e) raise exc.SSLConfigurationError(msg) - if self.ca_file: + if self.cacert: try: - self.context.load_verify_locations(self.ca_file) + self.context.load_verify_locations(self.cacert) except Exception, e: - msg = 'Unable to load CA from "%s"' % (self.ca_file, e) + msg = 'Unable to load CA from "%s"' % (self.cacert, e) raise exc.SSLConfigurationError(msg) else: self.context.set_default_verify_paths() 
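Review bot: Callers that still pass `ca_file=` to `HTTPClient` are silently ignored after the change to `_kwargs['cacert'] = kwargs.get('cacert', None)` in the hunk at -74. The connection is then built with `cacert=None`, and the `else:` branch visible in the hunk at -341 falls back to `set_default_verify_paths()`, so a caller-chosen CA bundle is replaced by the system store without any message. Consider honouring the old key for a deprecation period, e.g. `_kwargs['cacert'] = kwargs.get('cacert', kwargs.get('ca_file'))`. The matching rename in `VerifiedHTTPSConnection.__init__` (hunk at -247) should at least fail loudly on `ca_file=`. The enclosing method of the -74 hunk starts and ends outside the hunk, so other kwargs handling is not visible here.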
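Review bot: The rewritten line `msg = 'Unable to load CA from "%s"' % (self.cacert, e)` in the hunk at -341 has one `%s` placeholder but two values, so the handler itself raises `TypeError` and `exc.SSLConfigurationError` is never raised for an unreadable or malformed CA bundle. Match the key-file message a few lines above it: `msg = 'Unable to load CA from "%s" %s' % (self.cacert, e)`. The defect predates this commit, but the line is being rewritten here and callers that catch `SSLConfigurationError` would miss the failure. The enclosing method starts outside the hunk.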
diff --git a/glanceclient/shell.py b/glanceclient/shell.py index 48112110..142c03aa 100644 --- a/glanceclient/shell.py +++ b/glanceclient/shell.py @@ -79,11 +79,17 @@ class OpenStackImagesShell(object): 'connection. This option is not necessary ' 'if your key is prepended to your cert file.') - parser.add_argument('--ca-file', - help='Path of CA SSL certificate(s) used to verify' + parser.add_argument('--os-cacert', + metavar='', + dest='os_cacert', + default=utils.env('OS_CACERT'), + help='Path of CA TLS certificate(s) used to verify' 'the remote server\'s certificate. Without this ' 'option glance looks for the default system ' 'CA certificates.') + parser.add_argument('--ca-file', + dest='os_cacert', + help='DEPRECATED! Use --os-cacert.') parser.add_argument('--timeout', default=600, @@ -314,6 +320,7 @@ class OpenStackImagesShell(object): tenant_id=kwargs.get('tenant_id'), tenant_name=kwargs.get('tenant_name'), auth_url=kwargs.get('auth_url'), + cacert=kwargs.get('cacert'), insecure=kwargs.get('insecure')) def _get_endpoint(self, client, **kwargs): @@ -407,6 +414,7 @@ class OpenStackImagesShell(object): 'auth_url': args.os_auth_url, 'service_type': args.os_service_type, 'endpoint_type': args.os_endpoint_type, + 'cacert': args.os_cacert, 'insecure': args.insecure, 'region_name': args.os_region_name, } @@ -420,7 +428,7 @@ class OpenStackImagesShell(object): 'token': token, 'insecure': args.insecure, 'timeout': args.timeout, - 'ca_file': args.ca_file, + 'cacert': args.os_cacert, 'cert_file': args.cert_file, 'key_file': args.key_file, 'ssl_compression': args.ssl_compression diff --git a/tests/test_ssl.py b/tests/test_ssl.py index efe8851c..14afcc61 100644 --- a/tests/test_ssl.py +++ b/tests/test_ssl.py 
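Review bot: In the hunk at -79, `--os-cacert` and the deprecated `--ca-file` both store into `os_cacert`, and the `OS_CACERT` default survives only because `--os-cacert` is registered first; argparse fills a shared dest from the first action that declares it. That ordering deserves a comment above the second `add_argument`, e.g. `# Keep after --os-cacert: both share dest='os_cacert' and the first registered default (OS_CACERT) wins.` Separately, the help fragments `'... used to verify'` and `'the remote server\'s ...'` are concatenated without a space and render as "verifythe"; end the first fragment with a trailing space. The deprecated alias also gives the user no runtime notice, so scripts using `--ca-file` will not learn of the rename. The enclosing parser method starts and ends outside the hunk.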
@@ -33,12 +33,12 @@ class TestVerifiedHTTPSConnection(unittest.TestCase): """ key_file = os.path.join(TEST_VAR_DIR, 'privatekey.key') cert_file = os.path.join(TEST_VAR_DIR, 'certificate.crt') - ca_file = os.path.join(TEST_VAR_DIR, 'ca.crt') + cacert = os.path.join(TEST_VAR_DIR, 'ca.crt') try: conn = http.VerifiedHTTPSConnection('127.0.0.1', 0, key_file=key_file, cert_file=cert_file, - ca_file=ca_file) + cacert=cacert) except exc.SSLConfigurationError: self.fail('Failed to init VerifiedHTTPSConnection.') @@ -47,11 +47,11 @@ class TestVerifiedHTTPSConnection(unittest.TestCase): Test VerifiedHTTPSConnection: absense of SSL key file. """ cert_file = os.path.join(TEST_VAR_DIR, 'certificate.crt') - ca_file = os.path.join(TEST_VAR_DIR, 'ca.crt') + cacert = os.path.join(TEST_VAR_DIR, 'ca.crt') try: conn = http.VerifiedHTTPSConnection('127.0.0.1', 0, cert_file=cert_file, - ca_file=ca_file) + cacert=cacert) self.fail('Failed to raise assertion.') except exc.SSLConfigurationError: pass @@ -61,11 +61,11 @@ class TestVerifiedHTTPSConnection(unittest.TestCase): Test VerifiedHTTPSConnection: absense of SSL cert file. """ key_file = os.path.join(TEST_VAR_DIR, 'privatekey.key') - ca_file = os.path.join(TEST_VAR_DIR, 'ca.crt') + cacert = os.path.join(TEST_VAR_DIR, 'ca.crt') try: conn = http.VerifiedHTTPSConnection('127.0.0.1', 0, key_file=key_file, - ca_file=ca_file) + cacert=cacert) except: self.fail('Failed to init VerifiedHTTPSConnection.') @@ -75,11 +75,11 @@ class TestVerifiedHTTPSConnection(unittest.TestCase): """ key_file = os.path.join(TEST_VAR_DIR, 'badkey.key') cert_file = os.path.join(TEST_VAR_DIR, 'certificate.crt') - ca_file = os.path.join(TEST_VAR_DIR, 'ca.crt') + cacert = os.path.join(TEST_VAR_DIR, 'ca.crt') try: conn = http.VerifiedHTTPSConnection('127.0.0.1', 0, cert_file=cert_file, - ca_file=ca_file) + cacert=cacert) self.fail('Failed to raise assertion.') except exc.SSLConfigurationError: pass 
@@ -90,11 +90,11 @@ class TestVerifiedHTTPSConnection(unittest.TestCase): """ key_file = os.path.join(TEST_VAR_DIR, 'privatekey.key') cert_file = os.path.join(TEST_VAR_DIR, 'badcert.crt') - ca_file = os.path.join(TEST_VAR_DIR, 'ca.crt') + cacert = os.path.join(TEST_VAR_DIR, 'ca.crt') try: conn = http.VerifiedHTTPSConnection('127.0.0.1', 0, cert_file=cert_file, - ca_file=ca_file) + cacert=cacert) self.fail('Failed to raise assertion.') except exc.SSLConfigurationError: pass @@ -105,11 +105,11 @@ class TestVerifiedHTTPSConnection(unittest.TestCase): """ key_file = os.path.join(TEST_VAR_DIR, 'privatekey.key') cert_file = os.path.join(TEST_VAR_DIR, 'certificate.crt') - ca_file = os.path.join(TEST_VAR_DIR, 'badca.crt') + cacert = os.path.join(TEST_VAR_DIR, 'badca.crt') try: conn = http.VerifiedHTTPSConnection('127.0.0.1', 0, cert_file=cert_file, - ca_file=ca_file) + cacert=cacert) self.fail('Failed to raise assertion.') except exc.SSLConfigurationError: pass
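Review bot: The bad-CA test in the hunk at -105 passes `cert_file=` and `cacert=` but never the `key_file` it defines. The `SSLConfigurationError` it expects therefore most likely comes from the missing-key condition that the "absense of SSL key file" test relies on, and `load_verify_locations(self.cacert)` is probably never reached. Pass `key_file=key_file,` to the constructor so the failure is attributable to `badca.crt`; as written, the test would not notice a broken CA-load error path. The hunks at -75 and -90 have the same shape (`key_file` assigned but not passed), so the bad-key and bad-cert cases are not isolated either. The test methods start outside these hunks.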