From: Corey Bryant <corey.bryant@canonical.com>
Date: Wed, 14 Jan 2015 18:11:30 +0000 (-0500)
Subject: Deal with PEP-0476 certificate chaining checking
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=4e849ef5fbb7159276435ac6f7315bf20274768d;p=openstack-build%2Fcinder-build.git

Deal with PEP-0476 certificate chaining checking

PEP-0476 introduced more thorough certificate chain verfication
for HTTPS connectivity; this was introduced in Python 2.7.9, and
breaks a number of unit tests in the cinder codebase.

Disable certificate chain verification for cinder SSL tests
using the backwards compatible SSLContext provided for this
purpose.

Change-Id: Iffc3658196f608c7a7c9b6527dc8e7210fb05bff
Closes-Bug: #1403068
---

diff --git a/cinder/tests/test_wsgi.py b/cinder/tests/test_wsgi.py
index 2ff1b550c..7d7b2ef16 100644
--- a/cinder/tests/test_wsgi.py
+++ b/cinder/tests/test_wsgi.py
@@ -19,6 +19,7 @@
 import os.path
 import re
 import socket
+import ssl
 import tempfile
 import time
 import urllib2
@@ -42,7 +43,17 @@ TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__),
 
 
 def open_no_proxy(*args, **kwargs):
-    opener = urllib2.build_opener(urllib2.ProxyHandler({}))
+    # NOTE(coreycb):
+    # Deal with more secure certification chain verficiation
+    # introduced in python 2.7.9 under PEP-0476
+    # https://github.com/python/peps/blob/master/pep-0476.txt
+    if hasattr(ssl, "_create_unverified_context"):
+        opener = urllib2.build_opener(
+            urllib2.ProxyHandler({}),
+            urllib2.HTTPSHandler(context=ssl._create_unverified_context())
+        )
+    else:
+        opener = urllib2.build_opener(urllib2.ProxyHandler({}))
     return opener.open(*args, **kwargs)