TrustedFilter was using httplib which doesn't check for CAs.
Here the change is using Requests and verifies local CAs by default (or another
one if provided)
This effort is related to CVE 2013-2255.
SecurityImpact
ReleaseNote
This patch adds an option attestation_insecure_ssl in TrustedFilter which can be
used to verify CAs. The default value is set to True, disabling SSL certificate
verification. While this is the insecure option, it was selected for backward
compatibility reasons.
Closes-Bug: #1373993
(cherry picked from commit 30871e8702)
Conflicts:
nova/tests/scheduler/test_host_filters.py
Change-Id: I0b8e6319a4cc39876b1e396ef705f0fc5def1e44