openinfra/python-tempestconf
Code Issues Proposed changes

Use custom TLS certificate if provided

Browse Source 
Since `urllib3` uses `certifi` as the certificate provider [1], if the
users enable TLS with a custom certificate, the `Service.do_get` method
will not be able to verify the custom certificate. According to the
documentation [1], we need to add `cert_reqs` and `ca_certs` to the
`urllib3.PoolManager` when a custom certificate is used.

[1] https://urllib3.readthedocs.io/en/latest/advanced-usage.html#custom-tls-certificates

Story: #2011168
Task: #50514
Change-Id: I75857cf0d0d37254180aa3ae2305e16610c9fab4
This commit is contained in:
Chi Wai Chan 2024-07-08 09:27:54 +08:00 committed by Chi Wai CHAN
parent b6d2581444
commit f30afbb1bc
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config_tempest/services/base.py
View File

@ -59,6 +59,10 @@ class Service(object):
if self.disable_ssl_validation: if self.disable_ssl_validation:
urllib3.disable_warnings() urllib3.disable_warnings()
http = urllib3.PoolManager(cert_reqs='CERT_NONE') http = urllib3.PoolManager(cert_reqs='CERT_NONE')
elif self.ca_certs is not None:
http = urllib3.PoolManager(
cert_reqs='REQUIRED', ca_certs=self.ca_certs
)
else: else:
http = urllib3.PoolManager() http = urllib3.PoolManager()
r = http.request('GET', url, headers=self.headers) r = http.request('GET', url, headers=self.headers)