OK I have tracked this down. It looks to me that keystone-client is unusable with an an https keystone endpoint.
If --os-cacert is not set it will default to an empty string. This then gets passed down to underlying http classes and it will use the empty string as the ca path. What needs to happen is that is this option is not set it needs to be set as None. That way httplib will use the default CA path but only if it is None, None != "" for this checking. ** Tags removed: cloud-archive ** Tags added: folsom-backport-potential -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
