[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
** Tags added: cloud-archive -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
** Branch linked: lp:~openstack-ubuntu-testing/python-keystoneclient /quantal-folsom-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Reviewed: https://review.openstack.org/14572 Committed: http://github.com/openstack/python-keystoneclient/commit/d81160e32e9828c6ba59da28a1f5ed79c9d05fdf Submitter: Jenkins Branch:master commit d81160e32e9828c6ba59da28a1f5ed79c9d05fdf Author: Sam Morrison sorri...@gmail.com Date: Sat Oct 20 05:05:17 2012 +1100 Fixes https connections to keystone when no CA certificates are specified. Fixes bug 1064835 Change-Id: I77987f01cc1395a4857ebdcb0bb6adf697866dd7 ** Changed in: python-keystoneclient Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
WRT Ubuntu update, this needs to be fixed upstream before it can be applied as a match to the Ubuntu package in Quantal and Cloud Archive. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Is there anything holding this up? keystoneclient is practically useless in an https environment without it. Would be good to push this along. I would mark it as critical if I could -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
** Tags added: canonistack -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
** Package changed: keystone (Ubuntu) = python-keystoneclient (Ubuntu) ** Changed in: python-keystoneclient (Ubuntu) Status: Invalid = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
** Package changed: keystone (Ubuntu) = python-keystoneclient (Ubuntu) ** Changed in: python-keystoneclient (Ubuntu) Status: Invalid = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
So does the following fix this issue? --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -131,7 +131,7 @@ class OpenStackIdentityShell(object): parser.add_argument('--os-cacert', metavar='ca-certificate', -default=env('OS_CA_CERT'), +default=env('OS_CA_CERT', default=None), help='Defaults to env[OS_CACERT]') parser.add_argument('--os_cacert', help=argparse.SUPPRESS) or more generic: --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -42,7 +42,7 @@ def env(*vars, **kwargs): value = os.environ.get(v, None) if value: return value -return kwargs.get('default', '') +return kwargs.get('default', None) class OpenStackIdentityShell(object): -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Fix proposed to branch: master Review: https://review.openstack.org/14572 ** Changed in: python-keystoneclient Status: Confirmed = In Progress ** Changed in: python-keystoneclient Assignee: (unassigned) = Sam Morrison (sorrison) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Removing tag for backport, keystoneclient doesn't have stable/folsom branch, all clients are trunk-only now (for better or worse). ** Tags removed: folsom-backport-potential -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
So does the following fix this issue? --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -131,7 +131,7 @@ class OpenStackIdentityShell(object): parser.add_argument('--os-cacert', metavar='ca-certificate', -default=env('OS_CA_CERT'), +default=env('OS_CA_CERT', default=None), help='Defaults to env[OS_CACERT]') parser.add_argument('--os_cacert', help=argparse.SUPPRESS) or more generic: --- a/keystoneclient/shell.py +++ b/keystoneclient/shell.py @@ -42,7 +42,7 @@ def env(*vars, **kwargs): value = os.environ.get(v, None) if value: return value -return kwargs.get('default', '') +return kwargs.get('default', None) class OpenStackIdentityShell(object): -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Fix proposed to branch: master Review: https://review.openstack.org/14572 ** Changed in: python-keystoneclient Status: Confirmed = In Progress ** Changed in: python-keystoneclient Assignee: (unassigned) = Sam Morrison (sorrison) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Removing tag for backport, keystoneclient doesn't have stable/folsom branch, all clients are trunk-only now (for better or worse). ** Tags removed: folsom-backport-potential -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
This is a bug in the ubuntu cloud archive ** Also affects: keystone (Ubuntu) Importance: Undecided Status: New ** Changed in: python-keystoneclient Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: keystone (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
** Tags added: cloud-archive -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
On further investigation it is a problem in keystone, whoops ** Changed in: keystone (Ubuntu) Status: Confirmed = Invalid ** Changed in: python-keystoneclient Status: Invalid = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
OK I have tracked this down. It looks to me that keystone-client is unusable with an an https keystone endpoint. If --os-cacert is not set it will default to an empty string. This then gets passed down to underlying http classes and it will use the empty string as the ca path. What needs to happen is that is this option is not set it needs to be set as None. That way httplib will use the default CA path but only if it is None, None != for this checking. ** Tags removed: cloud-archive ** Tags added: folsom-backport-potential -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to keystone in Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
This is a bug in the ubuntu cloud archive ** Also affects: keystone (Ubuntu) Importance: Undecided Status: New ** Changed in: python-keystoneclient Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: keystone (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
** Tags added: cloud-archive -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
On further investigation it is a problem in keystone, whoops ** Changed in: keystone (Ubuntu) Status: Confirmed = Invalid ** Changed in: python-keystoneclient Status: Invalid = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1064835] Re: keystoneclient fails on SSL certificates that work for other services
OK I have tracked this down. It looks to me that keystone-client is unusable with an an https keystone endpoint. If --os-cacert is not set it will default to an empty string. This then gets passed down to underlying http classes and it will use the empty string as the ca path. What needs to happen is that is this option is not set it needs to be set as None. That way httplib will use the default CA path but only if it is None, None != for this checking. ** Tags removed: cloud-archive ** Tags added: folsom-backport-potential -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064835 Title: keystoneclient fails on SSL certificates that work for other services To manage notifications about this bug go to: https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs