Supprt multiple ca certificates
In order to support certificates chain, certficate(s) should be put in one file. Certificates in one chain will be separated by ';'. The config looks like: ca_file = c1-1.ca;c1-2.ca,c2-1.ca;c2-2.ca Change-Id: If24092e70cb8df73a648ad5805b36a7e4cfa3d7a
This commit is contained in:
parent
d761feadd7
commit
f1fad8fd18
|
@ -398,21 +398,14 @@ class Provider(object):
|
|||
if not self.ca_file:
|
||||
return
|
||||
|
||||
try:
|
||||
ca_content = self._get_ca_files(self.ca_file)
|
||||
except Exception as e:
|
||||
LOG.error('read ca file %s error %s', self.ca_file, e)
|
||||
sep = ';'
|
||||
if sep not in self.ca_file:
|
||||
return
|
||||
|
||||
if len(ca_content) <= 1:
|
||||
return
|
||||
|
||||
base_file = '/tmp/ca_cert'
|
||||
for index, buff in enumerate(ca_content):
|
||||
ca_file = '{}_{}_{}.pem'.format(base_file, self.id, str(index))
|
||||
files = self.ca_file.split(sep)
|
||||
for ca_file in files:
|
||||
try:
|
||||
with open(ca_file, 'w') as fname:
|
||||
fname.writelines(buff)
|
||||
ca_file = ca_file.strip()
|
||||
session = requests.Session()
|
||||
retry_strategy = CAVerifyRetry(total=6, backoff_factor=1,
|
||||
method_whitelist=["GET"])
|
||||
|
@ -426,21 +419,6 @@ class Provider(object):
|
|||
LOG.debug("verification for ca_file %s failed. Error: %s",
|
||||
ca_file, e)
|
||||
continue
|
||||
except IOError as e:
|
||||
LOG.debug("write ca_file %s failed. Error: %s",
|
||||
ca_file, e)
|
||||
|
||||
def _get_ca_files(self, ca_file):
|
||||
files = []
|
||||
with open(ca_file) as fname:
|
||||
lines = fname.readlines()
|
||||
buff = []
|
||||
for line in lines:
|
||||
buff.append(line)
|
||||
if 'END CERTIFICATE' in line:
|
||||
files.append(buff)
|
||||
buff = []
|
||||
return files
|
||||
|
||||
|
||||
class Endpoint(object):
|
||||
|
|
Loading…
Reference in New Issue