Deal with PEP-0476 certificate chaining checking

PEP-0476 introduced more thorough certificate chain verfication for HTTPS connectivity; this was introduced in Python 2.7.9, and breaks a number of unit tests in the neutron codebase. Disable certificate chain verification for keystone SSL tests using the backwards compatible SSLContext provided for this purpose. Closes-Bug: #1403068 (cherry picked from commit 1d75a6fd3b) Change-Id: I25859d8981a022b4f625ce57ecd28da3820a7b17
2015-01-06 12:01:40 +00:00 · 2015-01-06 12:01:40 +00:00 · 91cc867eb6
parent 877df583da
commit 91cc867eb6
1 changed files with 12 additions and 1 deletions
--- a/neutron/tests/unit/test_wsgi.py
+++ b/neutron/tests/unit/test_wsgi.py
@ -17,6 +17,7 @@

 import os
 import socket
+import ssl
 import urllib2

 import mock
@ -38,7 +39,17 @@ TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__),


 def open_no_proxy(*args, **kwargs):
-    opener = urllib2.build_opener(urllib2.ProxyHandler({}))
+    # NOTE(jamespage):
+    # Deal with more secure certification chain verficiation
+    # introduced in python 2.7.9 under PEP-0476
+    # https://github.com/python/peps/blob/master/pep-0476.txt
+    if hasattr(ssl, "_create_unverified_context"):
+        opener = urllib2.build_opener(
+            urllib2.ProxyHandler({}),
+            urllib2.HTTPSHandler(context=ssl._create_unverified_context())
+        )
+    else:
+        opener = urllib2.build_opener(urllib2.ProxyHandler({}))
    return opener.open(*args, **kwargs)