diff options
author | Ghe Rivero <ghe.rivero@hp.com> | 2015-06-04 13:39:12 +0200 |
---|---|---|
committer | David Shrewsbury <shrewsbury.dave@gmail.com> | 2015-06-05 14:35:52 -0400 |
commit | 7e605f963fe88eded0017a4fdf85ebf13b4c52c1 (patch) | |
tree | dcb769b55b9717a74e207af2bcbc5bc9e3d07b9b | |
parent | bc253d62b9a61575c3ba2f443b2429b5df904905 (diff) | |
download | os-client-config-7e605f963fe88eded0017a4fdf85ebf13b4c52c1.tar.gz |
Add SSL documentation to README.rst
Explain usage and warn avoid behavior with conflicting
cacert and verify options.
Change-Id: I25b43ba47bd0feb941b649265c6e67723a93e277
-rw-r--r-- | README.rst | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -135,6 +135,20 @@ as a result of a chosen plugin need to go into the auth dict. For password auth, this includes `auth_url`, `username` and `password` as well as anything related to domains, projects and trusts. +SSL Settings +------------ + +When the access to a cloud is done via a secure connection, `os-client-config` +will always verify the SSL cert by default. This can be disabled by setting +`verify` to `False`. In case the cert is signed by an unknown CA, a specific +cacert can be provided via `cacert`. **WARNING:** `verify` will always have +precedence over `cacert`, so when setting a CA cert but disabling `verify`, the +cloud cert will never be validated. + +Client certs are also configurable. `cert` will be the client cert file +location. In case the cert key is not included within the client cert file, +its file location needs to be set via `key`. + Cache Settings -------------- |