From ed404c5f66e874779d58d3ac81f28ae22c55cf09 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Fri, 20 Aug 2021 14:23:54 +0100 Subject: Fix CA file for Swift pollster Most OpenStack API communication uses the cafile option in the service_credentials config. For swift the client is created differently, and does not get this option. When TLS is used, we may get an error like the following: exceptions.SSLError: HTTPSConnectionPool(host='1.2.3.4', port=443): Max retries exceeded with url: /swift/v1/AUTH_XXXX (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),)) This change fixes the issue by creating an HTTP connection for the Swift client that uses the configured CA file. Closes-Bug: #1940660 Change-Id: I38f9ff2bec0a2a3cb9dfc5c362284e33c12f3127 --- releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml (limited to 'releasenotes') diff --git a/releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml b/releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml new file mode 100644 index 00000000..14a515e8 --- /dev/null +++ b/releasenotes/notes/fix-1940660-5226988f2e7ae1bd.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - > + [`bug 1940660 `_] + Fixes an issue with the Swift pollster where the ``[service_credentials] + cafile`` option was not used. This could prevent communication with + TLS-enabled Swift APIs. -- cgit v1.2.1