From 1d75a6fd3bce8ccad52d3f33d5118f160c992f60 Mon Sep 17 00:00:00 2001 From: James Page Date: Tue, 6 Jan 2015 12:01:40 +0000 Subject: [PATCH] Deal with PEP-0476 certificate chaining checking PEP-0476 introduced more thorough certificate chain verfication for HTTPS connectivity; this was introduced in Python 2.7.9, and breaks a number of unit tests in the neutron codebase. Disable certificate chain verification for keystone SSL tests using the backwards compatible SSLContext provided for this purpose. Change-Id: I25859d8981a022b4f625ce57ecd28da3820a7b17 Closes-Bug: #1403068 --- neutron/tests/unit/test_wsgi.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/neutron/tests/unit/test_wsgi.py b/neutron/tests/unit/test_wsgi.py index 49c23fdb5..0dbc36146 100644 --- a/neutron/tests/unit/test_wsgi.py +++ b/neutron/tests/unit/test_wsgi.py @@ -15,6 +15,7 @@ import os import socket +import ssl import urllib2 import mock @@ -34,7 +35,17 @@ TEST_VAR_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), def open_no_proxy(*args, **kwargs): - opener = urllib2.build_opener(urllib2.ProxyHandler({})) + # NOTE(jamespage): + # Deal with more secure certification chain verficiation + # introduced in python 2.7.9 under PEP-0476 + # https://github.com/python/peps/blob/master/pep-0476.txt + if hasattr(ssl, "_create_unverified_context"): + opener = urllib2.build_opener( + urllib2.ProxyHandler({}), + urllib2.HTTPSHandler(context=ssl._create_unverified_context()) + ) + else: + opener = urllib2.build_opener(urllib2.ProxyHandler({})) return opener.open(*args, **kwargs) -- 2.45.2