no logging on cms failure

Don't log in the keystoneclient.common.cms as there are some errors
that are expected.  Instead, log in the middleware

bug 1189539

Change-Id: I1e80e2ab35e073d9b8d25fd16b31c64c34cd001d

keystoneclient/common/cms.py

@@ -25,7 +25,10 @@ def _ensure_subprocess():
 
 
 def cms_verify(formatted, signing_cert_file_name, ca_file_name):
-    """Verifies the signature of the contents IAW CMS syntax."""
+    """Verifies the signature of the contents IAW CMS syntax.
+
+    :raises: subprocess.CalledProcessError
+    """
     _ensure_subprocess()
     process = subprocess.Popen(["openssl", "cms", "-verify",
                                 "-certfile", signing_cert_file_name,
@@ -39,7 +42,8 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
     output, err = process.communicate(formatted)
     retcode = process.poll()
     if retcode:
-        LOG.warning('Verify error: %s' % err)
+        # Do not log errors, as some happen in the positive thread
+        # instead, catch them in the calling code and log them there.
         # NOTE(dmllr): Python 2.6 compatibility:
         # CalledProcessError did not have output keyword argument
         e = subprocess.CalledProcessError(retcode, "openssl")

keystoneclient/middleware/auth_token.py

@@ -1047,6 +1047,7 @@ class AuthProtocol(object):
                 if self.cert_file_missing(err.output, self.ca_file_name):
                     self.fetch_ca_cert()
                     continue
+                self.LOG.warning('Verify error: %s' % err)
                 raise err
             return output