Fix CA certificate handling

If --os-cacert was passed to the cli the following error was triggered: "cafile must be None or a byte string". This is because 'load_verify_locations' requires a byte string to be passed in. We fix this by explicitly converting the argument to a byte string. We do this in 'VerifiedHTTPSConnection' rather than sooner, eg during arg handling, as it will no longer be required should we move to a different http library (eg requests). Fixes bug 1301849. Change-Id: I9014f5d040cae9f0b6f03d8f13de8419597560cb
2014-04-03 09:58:31 +00:00 · 2014-04-03 09:58:31 +00:00 · 6626f38cda
parent dbefc1a3b1
commit 6626f38cda
2 changed files with 22 additions and 1 deletions
--- a/glanceclient/common/http.py
+++ b/glanceclient/common/http.py
@ -378,7 +378,7 @@ class VerifiedHTTPSConnection(HTTPSConnection):
            self.timeout = timeout
            self.insecure = insecure
            self.ssl_compression = ssl_compression
-            self.cacert = cacert
+            self.cacert = None if cacert is None else str(cacert)
            self.setcontext()
            # ssl exceptions are reported in various form in Python 3
            # so to be compatible, we report the same kind as under
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@ -274,3 +274,24 @@ class TestVerifiedHTTPSConnection(testtools.TestCase):
                cacert=cacert, ssl_compression=False)
        except exc.SSLConfigurationError:
            self.fail('Failed to init VerifiedHTTPSConnection.')
+
+    def test_ssl_init_non_byte_string(self):
+        """
+        Test VerifiedHTTPSConnection class non byte string
+
+        Reproduces bug #1301849
+        """
+        key_file = os.path.join(TEST_VAR_DIR, 'privatekey.key')
+        cert_file = os.path.join(TEST_VAR_DIR, 'certificate.crt')
+        cacert = os.path.join(TEST_VAR_DIR, 'ca.crt')
+        # Note: we reproduce on python 2.6/2.7, on 3.3 the bug doesn't occur.
+        key_file = key_file.encode('ascii', 'strict').decode('utf-8')
+        cert_file = cert_file.encode('ascii', 'strict').decode('utf-8')
+        cacert = cacert.encode('ascii', 'strict').decode('utf-8')
+        try:
+            conn = http.VerifiedHTTPSConnection('127.0.0.1', 0,
+                                                key_file=key_file,
+                                                cert_file=cert_file,
+                                                cacert=cacert)
+        except exc.SSLConfigurationError:
+            self.fail('Failed to init VerifiedHTTPSConnection.')