Merge "Fix SSL cert error in nfv-vim for rehomed subcloud"
This commit is contained in:
commit
073240f776
@ -5,6 +5,7 @@
|
|||||||
#
|
#
|
||||||
import errno
|
import errno
|
||||||
import functools
|
import functools
|
||||||
|
import os
|
||||||
import select
|
import select
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
@ -114,3 +115,17 @@ def get_local_host_name():
|
|||||||
Returns the name of the local host
|
Returns the name of the local host
|
||||||
"""
|
"""
|
||||||
return socket.gethostname()
|
return socket.gethostname()
|
||||||
|
|
||||||
|
|
||||||
|
def get_system_ca_file():
|
||||||
|
"""Return path to system default CA file."""
|
||||||
|
# Standard CA file locations for Debian/Ubuntu, RedHat/Fedora,
|
||||||
|
# Suse, FreeBSD/OpenBSD
|
||||||
|
ca_path = ['/etc/ssl/certs/ca-certificates.crt',
|
||||||
|
'/etc/pki/tls/certs/ca-bundle.crt',
|
||||||
|
'/etc/ssl/ca-bundle.pem',
|
||||||
|
'/etc/ssl/cert.pem']
|
||||||
|
for ca in ca_path:
|
||||||
|
if os.path.exists(ca):
|
||||||
|
return ca
|
||||||
|
return None
|
||||||
|
@ -13,6 +13,7 @@ from six.moves import socketserver as SocketServer
|
|||||||
from six.moves import urllib
|
from six.moves import urllib
|
||||||
|
|
||||||
import socket
|
import socket
|
||||||
|
import ssl
|
||||||
import struct
|
import struct
|
||||||
|
|
||||||
from nfv_common import debug
|
from nfv_common import debug
|
||||||
@ -20,6 +21,7 @@ from nfv_common import selobj
|
|||||||
from nfv_common import timers
|
from nfv_common import timers
|
||||||
|
|
||||||
from nfv_common.helpers import coroutine
|
from nfv_common.helpers import coroutine
|
||||||
|
from nfv_common.helpers import get_system_ca_file
|
||||||
from nfv_common.helpers import Object
|
from nfv_common.helpers import Object
|
||||||
from nfv_common.helpers import Result
|
from nfv_common.helpers import Result
|
||||||
|
|
||||||
@ -341,8 +343,13 @@ def _rest_api_request(token_id,
|
|||||||
response_raw = request.text
|
response_raw = request.text
|
||||||
request.close()
|
request.close()
|
||||||
else:
|
else:
|
||||||
|
ca_file = get_system_ca_file()
|
||||||
|
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH,
|
||||||
|
cafile=ca_file)
|
||||||
|
|
||||||
request = urllib.request.urlopen(request_info,
|
request = urllib.request.urlopen(request_info,
|
||||||
timeout=timeout_in_secs)
|
timeout=timeout_in_secs,
|
||||||
|
context=ssl_context)
|
||||||
headers = list() # list of tuples
|
headers = list() # list of tuples
|
||||||
for key, value in request.info().items():
|
for key, value in request.info().items():
|
||||||
if key not in headers_per_hop:
|
if key not in headers_per_hop:
|
||||||
|
Loading…
Reference in New Issue
Block a user