From: James Page <james.page@ubuntu.com>
Date: Tue, 6 Jan 2015 12:01:40 +0000 (+0000)
Subject: Deal with PEP-0476 certificate chaining checking
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=1d75a6fd3bce8ccad52d3f33d5118f160c992f60;p=openstack-build%2Fneutron-build.git

Deal with PEP-0476 certificate chaining checking

PEP-0476 introduced more thorough certificate chain verfication
for HTTPS connectivity; this was introduced in Python 2.7.9, and
breaks a number of unit tests in the neutron codebase.

Disable certificate chain verification for keystone SSL tests
using the backwards compatible SSLContext provided for this
purpose.

Change-Id: I25859d8981a022b4f625ce57ecd28da3820a7b17
Closes-Bug: #1403068
---

diff --git a/neutron/tests/unit/test_wsgi.py b/neutron/tests/unit/test_wsgi.py
index 49c23fdb5..0dbc36146 100644
--- a/neutron/tests/unit/test_wsgi.py
+++ b/neutron/tests/unit/test_wsgi.py
@@ -15,6 +15,7 @@
 
 import os
 import socket
+import ssl
 import urllib2
 
 import mock
@@ -34,7 +35,17 @@ TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__),
 
 
 def open_no_proxy(*args, **kwargs):
-    opener = urllib2.build_opener(urllib2.ProxyHandler({}))
+    # NOTE(jamespage):
+    # Deal with more secure certification chain verficiation
+    # introduced in python 2.7.9 under PEP-0476
+    # https://github.com/python/peps/blob/master/pep-0476.txt
+    if hasattr(ssl, "_create_unverified_context"):
+        opener = urllib2.build_opener(
+            urllib2.ProxyHandler({}),
+            urllib2.HTTPSHandler(context=ssl._create_unverified_context())
+        )
+    else:
+        opener = urllib2.build_opener(urllib2.ProxyHandler({}))
     return opener.open(*args, **kwargs)