diff options
author | Dean Troyer <dtroyer@gmail.com> | 2012-11-16 17:43:05 -0600 |
---|---|---|
committer | Dean Troyer <dtroyer@gmail.com> | 2012-12-18 15:30:43 -0600 |
commit | 51dc6a0cef657cf9fa110da11d81d1c3f13194fa (patch) | |
tree | 80bda5aa2974db6102a60b06ea7422e107034940 /README.rst | |
parent | 581264757e5ac8c5313acc35e5dc94247c7a80ff (diff) | |
download | python-keystoneclient-51dc6a0cef657cf9fa110da11d81d1c3f13194fa.tar.gz |
Use requests module for HTTP/HTTPS
* Implement correct certificate verification
* Add requests to tools/pip-requires
* Fix OS_CACERT env var help text
* Add info to README
* Rework tests to use requests
Pinned requests module to < 1.0 as 1.0.2 is now current in pipi
as of 17Dec2012.
Change-Id: I120d2c12d6f20ebe2fd7182ec8988cc73f623b80
Diffstat (limited to 'README.rst')
-rw-r--r-- | README.rst | 26 |
1 files changed, 19 insertions, 7 deletions
@@ -75,6 +75,17 @@ OS_REGION_NAME``):: If a region is not specified and multiple regions are returned by the Identity service, the client may not access the same region consistently. +If you need to connect to a server that is TLS-enabled (the auth URL begins +with 'https') and it uses a certificate from a private CA or a self-signed +certificate you will need to specify the path to an appropriate CA certificate +to use to validate the server certificate with ``--os-cacert`` or an +environment variable:: + + export OS_CACERT=/etc/ssl/my-root-cert.pem + +Certificate verification can be turned off using ``--insecure``. This should +be used with caution. + You'll find complete documentation on the shell by running ``keystone help``:: usage: keystone [--os-username <auth-user-name>] @@ -85,8 +96,8 @@ You'll find complete documentation on the shell by running ``keystone help``:: [--os-identity-api-version <identity-api-version>] [--os-token <service-token>] [--os-endpoint <service-endpoint>] - [--os-cacert <ca-certificate>] [--os-cert <certificate>] - [--os-key <key>] [--insecure] + [--os-cacert <ca-certificate>] [--insecure] + [--os-cert <certificate>] [--os-key <key>] [--no-cache] <subcommand> ... Command-line interface to the OpenStack Identity API. @@ -167,13 +178,14 @@ You'll find complete documentation on the shell by running ``keystone help``:: from the service catalog (via authentication). Defaults to env[OS_SERVICE_ENDPOINT] --os-cacert <ca-certificate> - Defaults to env[OS_CACERT] + Specify a CA bundle file to use in verifying a TLS + (https) server certificate. Defaults to env[OS_CACERT] + --insecure Explicitly allow keystoneclient to perform "insecure" + TLS (https) requests. The server's certificate will + not be verified against any certificate authorities. + This option should be used with caution. --os-cert <certificate> Defaults to env[OS_CERT] --os-key <key> Defaults to env[OS_KEY] - --insecure Explicitly allow keystoneclient to perform "insecure" - SSL (https) requests. The server's certificate will - not be verified against any certificate authorities. - This option should be used with caution. See "keystone help COMMAND" for help on a specific command. |