Deal with PEP-0476 certificate chaining checking
PEP-0476 introduced more thorough certificate chain verification
for HTTPS connectivity; this was introduced in Python 2.7.9, and
breaks a number of unit tests in the keystone codebase.
Disable certificate chain verification for keystone SSL tests
using the backwards compatible SSLContext provided for this
purpose.
Closes-Bug: #1403068
(cherry picked from commit 89aec92962
)
Conflicts:
keystone/tests/test_ssl.py
Change-Id: I6b5e975ed4c9abf3571212ba0e172eb653bb9281
This commit is contained in:
parent
e69df34f3d
commit
91255f1edd
|
@ -35,8 +35,25 @@ CLIENT = os.path.join(CERTDIR, 'middleware.pem')
|
|||
class SSLTestCase(tests.TestCase):
|
||||
def setUp(self):
|
||||
super(SSLTestCase, self).setUp()
|
||||
# NOTE(jamespage):
|
||||
# Deal with more secure certificate chain verification
|
||||
# introduced in python 2.7.9 under PEP-0476
|
||||
# https://github.com/python/peps/blob/master/pep-0476.txt
|
||||
self.context = None
|
||||
if hasattr(ssl, '_create_unverified_context'):
|
||||
self.context = ssl._create_unverified_context()
|
||||
self.load_backends()
|
||||
|
||||
def get_HTTPSConnection(self, *args):
|
||||
"""Simple helper to configure HTTPSConnection objects."""
|
||||
if self.context:
|
||||
return environment.httplib.HTTPSConnection(
|
||||
*args,
|
||||
context=self.context
|
||||
)
|
||||
else:
|
||||
return environment.httplib.HTTPSConnection(*args)
|
||||
|
||||
def test_1way_ssl_ok(self):
|
||||
"""Make sure both public and admin API work with 1-way SSL."""
|
||||
paste_conf = self._paste_config('keystone')
|
||||
|
@ -44,7 +61,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Admin
|
||||
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'127.0.0.1', CONF.admin_port)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
|
@ -52,7 +69,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Public
|
||||
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'127.0.0.1', CONF.public_port)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
|
@ -68,7 +85,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Admin
|
||||
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'127.0.0.1', CONF.admin_port, CLIENT, CLIENT)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
|
@ -76,7 +93,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Public
|
||||
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'127.0.0.1', CONF.public_port, CLIENT, CLIENT)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
|
@ -91,14 +108,14 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Admin
|
||||
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection('::1', CONF.admin_port)
|
||||
conn = self.get_HTTPSConnection('::1', CONF.admin_port)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
self.assertEqual(300, resp.status)
|
||||
|
||||
# Verify Public
|
||||
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection('::1', CONF.public_port)
|
||||
conn = self.get_HTTPSConnection('::1', CONF.public_port)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
self.assertEqual(300, resp.status)
|
||||
|
@ -116,7 +133,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Admin
|
||||
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'::1', CONF.admin_port, CLIENT, CLIENT)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
|
@ -124,7 +141,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Public
|
||||
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'::1', CONF.public_port, CLIENT, CLIENT)
|
||||
conn.request('GET', '/')
|
||||
resp = conn.getresponse()
|
||||
|
@ -137,7 +154,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Admin
|
||||
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'127.0.0.1', CONF.admin_port)
|
||||
try:
|
||||
conn.request('GET', '/')
|
||||
|
@ -147,7 +164,7 @@ class SSLTestCase(tests.TestCase):
|
|||
|
||||
# Verify Public
|
||||
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
|
||||
conn = environment.httplib.HTTPSConnection(
|
||||
conn = self.get_HTTPSConnection(
|
||||
'127.0.0.1', CONF.public_port)
|
||||
try:
|
||||
conn.request('GET', '/')
|
||||
|
|
Loading…
Reference in New Issue