Deal with PEP-0476 certificate chaining checking

PEP-0476 introduced more thorough certificate chain verfication
for HTTPS connectivity; this was introduced in Python 2.7.9, and
breaks a number of unit tests in the cinder codebase.

Disable certificate chain verification for cinder SSL tests
using the backwards compatible SSLContext provided for this
purpose.

Change-Id: Iffc3658196f608c7a7c9b6527dc8e7210fb05bff
Closes-Bug: #1403068
(cherry picked from commit 4e849ef5fb)
This commit is contained in:
Corey Bryant 2015-01-14 13:11:30 -05:00
parent 55ff24d549
commit a3e4439de2
1 changed files with 12 additions and 1 deletions

View File

@ -19,6 +19,7 @@
import os.path
import re
import socket
import ssl
import tempfile
import time
import urllib2
@ -41,7 +42,17 @@ TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__),
def open_no_proxy(*args, **kwargs):
opener = urllib2.build_opener(urllib2.ProxyHandler({}))
# NOTE(coreycb):
# Deal with more secure certification chain verficiation
# introduced in python 2.7.9 under PEP-0476
# https://github.com/python/peps/blob/master/pep-0476.txt
if hasattr(ssl, "_create_unverified_context"):
opener = urllib2.build_opener(
urllib2.ProxyHandler({}),
urllib2.HTTPSHandler(context=ssl._create_unverified_context())
)
else:
opener = urllib2.build_opener(urllib2.ProxyHandler({}))
return opener.open(*args, **kwargs)