2 files changed, 15 insertions, 3 deletions

diff --git a/keystoneclient/client.py b/keystoneclient/client.py
index b53d7cf..4766551 100644
--- a/keystoneclient/client.py
+++ b/keystoneclient/client.py
@@ -39,7 +39,7 @@ class HTTPClient(httplib2.Http):
     def __init__(self, username=None, tenant_id=None, tenant_name=None,
                  password=None, auth_url=None, region_name=None, timeout=None,
                  endpoint=None, token=None, cacert=None, key=None,
-                 cert=None):
+                 cert=None, insecure=False):
         super(HTTPClient, self).__init__(timeout=timeout, ca_certs=cacert)
         if cert:
             if key:
@@ -59,6 +59,7 @@ class HTTPClient(httplib2.Http):
 
         # httplib2 overrides
         self.force_exception_to_status_code = True
+        self.disable_ssl_certificate_validation = insecure
 
     def authenticate(self):
         """ Authenticate against the keystone API.
diff --git a/keystoneclient/shell.py b/keystoneclient/shell.py
index ef789f0..8990863 100644
--- a/keystoneclient/shell.py
+++ b/keystoneclient/shell.py
@@ -140,6 +140,15 @@ class OpenStackIdentityShell(object):
                             default=env('OS_KEY'),
                             help='Defaults to env[OS_KEY]')
 
+        parser.add_argument('--insecure',
+                            default=False,
+                            action="store_true",
+                            help="Explicitly allow keystoneclient to perform "
+                                 "\"insecure\" SSL (https) requests. The "
+                                 "server's certificate will not be verified "
+                                 "against any certificate authorities. This "
+                                 "option should be used with caution.")
+
         # FIXME(dtroyer): The args below are here for diablo compatibility,
         #                 remove them in folsum cycle
 
@@ -308,7 +317,8 @@ class OpenStackIdentityShell(object):
             self.cs = shell_generic.CLIENT_CLASS(endpoint=args.os_auth_url,
                                                  cacert=args.os_cacert,
                                                  key=args.os_key,
-                                                 cert=args.os_cert)
+                                                 cert=args.os_cert,
+                                                 insecure=args.insecure)
         else:
             token = None
             endpoint = None
@@ -327,7 +337,8 @@ class OpenStackIdentityShell(object):
                 region_name=args.os_region_name,
                 cacert=args.os_cacert,
                 key=args.os_key,
-                cert=args.os_cert)
+                cert=args.os_cert,
+                insecure=args.insecure)
 
         try:
             args.func(self.cs, args)