summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2015-06-03 17:34:43 +0000
committerGerrit Code Review <review@openstack.org>2015-06-03 17:34:43 +0000
commit5ca4e59f28c40bd326005d82c8a6f67ae1c427f5 (patch)
treeb5f0ece90bacffd63ab915235129d3ea545b019e
parentbd32358dcdcf293b543e42b944e47c9b84259db3 (diff)
parent10d3b27283697f2c5be971daf7ef0ea7373fe4c8 (diff)
downloadkeystone-5ca4e59f28c40bd326005d82c8a6f67ae1c427f5.tar.gz
Merge "Deal with PEP-0476 certificate chaining checking" into stable/juno
-rw-r--r--keystone/tests/test_ssl.py37
1 files changed, 27 insertions, 10 deletions
diff --git a/keystone/tests/test_ssl.py b/keystone/tests/test_ssl.py
index ecfdf3b8f..8c142ac34 100644
--- a/keystone/tests/test_ssl.py
+++ b/keystone/tests/test_ssl.py
@@ -35,8 +35,25 @@ CLIENT = os.path.join(CERTDIR, 'middleware.pem')
class SSLTestCase(tests.TestCase):
def setUp(self):
super(SSLTestCase, self).setUp()
+ # NOTE(jamespage):
+ # Deal with more secure certificate chain verification
+ # introduced in python 2.7.9 under PEP-0476
+ # https://github.com/python/peps/blob/master/pep-0476.txt
+ self.context = None
+ if hasattr(ssl, '_create_unverified_context'):
+ self.context = ssl._create_unverified_context()
self.load_backends()
+ def get_HTTPSConnection(self, *args):
+ """Simple helper to configure HTTPSConnection objects."""
+ if self.context:
+ return environment.httplib.HTTPSConnection(
+ *args,
+ context=self.context
+ )
+ else:
+ return environment.httplib.HTTPSConnection(*args)
+
def test_1way_ssl_ok(self):
"""Make sure both public and admin API work with 1-way SSL."""
paste_conf = self._paste_config('keystone')
@@ -44,7 +61,7 @@ class SSLTestCase(tests.TestCase):
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'127.0.0.1', CONF.admin_port)
conn.request('GET', '/')
resp = conn.getresponse()
@@ -52,7 +69,7 @@ class SSLTestCase(tests.TestCase):
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'127.0.0.1', CONF.public_port)
conn.request('GET', '/')
resp = conn.getresponse()
@@ -68,7 +85,7 @@ class SSLTestCase(tests.TestCase):
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'127.0.0.1', CONF.admin_port, CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
@@ -76,7 +93,7 @@ class SSLTestCase(tests.TestCase):
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'127.0.0.1', CONF.public_port, CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
@@ -91,14 +108,14 @@ class SSLTestCase(tests.TestCase):
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection('::1', CONF.admin_port)
+ conn = self.get_HTTPSConnection('::1', CONF.admin_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection('::1', CONF.public_port)
+ conn = self.get_HTTPSConnection('::1', CONF.public_port)
conn.request('GET', '/')
resp = conn.getresponse()
self.assertEqual(300, resp.status)
@@ -116,7 +133,7 @@ class SSLTestCase(tests.TestCase):
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'::1', CONF.admin_port, CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
@@ -124,7 +141,7 @@ class SSLTestCase(tests.TestCase):
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'::1', CONF.public_port, CLIENT, CLIENT)
conn.request('GET', '/')
resp = conn.getresponse()
@@ -137,7 +154,7 @@ class SSLTestCase(tests.TestCase):
# Verify Admin
with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'127.0.0.1', CONF.admin_port)
try:
conn.request('GET', '/')
@@ -147,7 +164,7 @@ class SSLTestCase(tests.TestCase):
# Verify Public
with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
- conn = environment.httplib.HTTPSConnection(
+ conn = self.get_HTTPSConnection(
'127.0.0.1', CONF.public_port)
try:
conn.request('GET', '/')