From 89d9411afd701f25742f3261301860fd58e2bbc2 Mon Sep 17 00:00:00 2001
From: Jamie Lennox <jamielennox@redhat.com>
Date: Fri, 24 Oct 2014 13:27:53 +0200
Subject: [PATCH] Log the CA cert with the debug statement

If you are using a custom CA bundle rather than the default OS one then
we should log that as part of the curl statement to make debugging
easier.

Change-Id: I1a6ded02b75a3bc9b1ca880db8a9b9b460d36774
---
 keystoneclient/session.py            |  2 ++
 keystoneclient/tests/test_session.py | 10 ++++++++++
 2 files changed, 12 insertions(+)

diff --git a/keystoneclient/session.py b/keystoneclient/session.py
index aab90f94a..e453ba5d2 100644
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -144,6 +144,8 @@ class Session(object):
         # so we need to actually check that this is False.
         if self.verify is False:
             string_parts.append('--insecure')
+        elif isinstance(self.verify, six.string_types):
+            string_parts.append('--cacert "%s"' % self.verify)
 
         if method:
             string_parts.extend(['-X', method])
diff --git a/keystoneclient/tests/test_session.py b/keystoneclient/tests/test_session.py
index 6a9d4080d..8aa5a1ee4 100644
--- a/keystoneclient/tests/test_session.py
+++ b/keystoneclient/tests/test_session.py
@@ -172,6 +172,16 @@ class SessionTests(utils.TestCase):
             self.assertEqual(v, resp.headers[k])
             self.assertNotIn(v, self.logger.output)
 
+    def test_logging_cacerts(self):
+        path_to_certs = '/path/to/certs'
+        session = client_session.Session(verify=path_to_certs)
+
+        self.stub_url('GET', text='text')
+        session.get(self.TEST_URL)
+
+        self.assertIn('--cacert', self.logger.output)
+        self.assertIn(path_to_certs, self.logger.output)
+
     def test_connect_retries(self):
 
         def _timeout_error(request, context):