Deal with PEP-0476 certificate chaining checking

PEP-0476 introduced more thorough certificate chain verfication
for HTTPS connectivity; this was introduced in Python 2.7.9, and
breaks a number of unit tests in the cinder codebase.

Disable certificate chain verification for cinder SSL tests
using the backwards compatible SSLContext provided for this
purpose.

Change-Id: Iffc3658196f608c7a7c9b6527dc8e7210fb05bff
Closes-Bug: #1403068

diff --git a/cinder/tests/test_wsgi.py b/cinder/tests/test_wsgi.py
index 2ff1b550c3246a7271afff02a1c24e8a1398315f..7d7b2ef16b19482044e910430f7f5a9c99f52c72 100644 (file)
--- a/cinder/tests/test_wsgi.py
+++ b/cinder/tests/test_wsgi.py
@@ -19,6 +19,7 @@
 import os.path
 import re
 import socket
+import ssl
 import tempfile
 import time
 import urllib2
@@ -42,7 +43,17 @@ TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__),
 
 
 def open_no_proxy(*args, **kwargs):
-    opener = urllib2.build_opener(urllib2.ProxyHandler({}))
+    # NOTE(coreycb):
+    # Deal with more secure certification chain verficiation
+    # introduced in python 2.7.9 under PEP-0476
+    # https://github.com/python/peps/blob/master/pep-0476.txt
+    if hasattr(ssl, "_create_unverified_context"):
+        opener = urllib2.build_opener(
+            urllib2.ProxyHandler({}),
+            urllib2.HTTPSHandler(context=ssl._create_unverified_context())
+        )
+    else:
+        opener = urllib2.build_opener(urllib2.ProxyHandler({}))
     return opener.open(*args, **kwargs)