Deal with PEP-0476 certificate chaining checking

PEP-0476 introduced more thorough certificate chain verfication
for HTTPS connectivity; this was introduced in Python 2.7.9, and
breaks a number of unit tests in the neutron codebase.

Disable certificate chain verification for keystone SSL tests
using the backwards compatible SSLContext provided for this
purpose.

Change-Id: I25859d8981a022b4f625ce57ecd28da3820a7b17
Closes-Bug: #1403068

diff --git a/neutron/tests/unit/test_wsgi.py b/neutron/tests/unit/test_wsgi.py
index 49c23fdb5b5dfb41cceaf83221450a5d9a5cdac3..0dbc361464906fe69ec86b3857e9293ec50806d5 100644 (file)
--- a/neutron/tests/unit/test_wsgi.py
+++ b/neutron/tests/unit/test_wsgi.py
@@ -15,6 +15,7 @@
 
 import os
 import socket
+import ssl
 import urllib2
 
 import mock
@@ -34,7 +35,17 @@ TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__),
 
 
 def open_no_proxy(*args, **kwargs):
-    opener = urllib2.build_opener(urllib2.ProxyHandler({}))
+    # NOTE(jamespage):
+    # Deal with more secure certification chain verficiation
+    # introduced in python 2.7.9 under PEP-0476
+    # https://github.com/python/peps/blob/master/pep-0476.txt
+    if hasattr(ssl, "_create_unverified_context"):
+        opener = urllib2.build_opener(
+            urllib2.ProxyHandler({}),
+            urllib2.HTTPSHandler(context=ssl._create_unverified_context())
+        )
+    else:
+        opener = urllib2.build_opener(urllib2.ProxyHandler({}))
     return opener.open(*args, **kwargs)