> On Sep 19, 2014, at 11:54 AM, Brant Knudson <b...@acm.org> wrote:
> I don't think anyone would be complaining if glanceclient didn't have the 
> need to reach into and monkeypatch requests's connection pool manager[1]. Is 
> there a way to tell requests to build the https connections differently 
> without monkeypatching urllib3.poolmanager?
> glanceclient's monkeypatching of the global variable here is dangerous since 
> it will mess with the application and every other library if the application 
> or another library uses glanceclient.
> [1] 
> http://git.openstack.org/cgit/openstack/python-glanceclient/tree/glanceclient/common/https.py#n75
> <http://git.openstack.org/cgit/openstack/python-glanceclient/tree/glanceclient/common/https.py#n75>

Why does it need to use it’s own VerifiedHTTPSConnection class? Ironically
reimplementing that is probably more dangerous for security than requests
bundling urllib3 ;)

Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

OpenStack-dev mailing list

Reply via email to