Public bug reported:

The version of glance-client in precise doesn't appear to validate SSL
certificates correctly.

$ dpkg-query -W glance-client
glance-client   2012.1.3+stable~20120821-120fcf-0ubuntu1
$ glance --version
glance 2012.1.3-dev
$ lsb_release -rd
Description:    Ubuntu 12.04.1 LTS
Release:        12.04

By looking at the code it appears that to specify the CA file you need
to set an environment variable GLANCE_CLIENT_CA_FILE, or it will default
to /etc/ssl/certs/ca-certificates.crt.

The SSL certificate we're trying to use is from GoDaddy, so I have the
certificate authority file from them that I'm pointing GLANCE_CLIENT_CA_FILE to.
I've also placed it in /usr/local/share/ca-certificates/gd_bundle.crt and run
update-ca-certificates.

$ glance -v -N https://ip.ad.dr.es:5000/v2.0  -I glanceUser -K thisisnotmypassword -T tenant -S keystone --ssl  index
Failed to show index. Got error:
Connect error/bad request to Auth service at URL https://ip.ad.dr.es:5000/v2.0/tokens.
Completed in 0.0234 sec.

To ensure that the ca files are correct, I validated that connecting via
openssl works fine when specifying the files:

# Without the ca files specified:
$ openssl s_client -connect localhost:5000 2> /dev/null | grep "Verify return code"
    Verify return code: 21 (unable to verify the first certificate)

# Using gd_bundle.crt
$ openssl s_client -CAfile /usr/local/share/ca-certificates/gd_bundle.crt -connect localhost:5000 2>/dev/null | grep "Verify return code"
    Verify return code: 0 (ok)

How do we get the glance command line client to validate correctly with
valid SSL certificates?

** Affects: glance (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1060693

Title:
  precise glance-client doesn't validate ssl certificates correctly
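
A diagnostic in the spirit of the openssl check in the report, added here as an example and not taken from glance-client or from the reporter: it resolves the CA bundle the way the report describes (GLANCE_CLIENT_CA_FILE, else the default path) and separates certificate-chain failures from hostname mismatches. The function names are hypothetical and it assumes Python 3.7 or later.

```python
import os
import socket
import ssl

# Default bundle path and variable name are the ones named in the report.
DEFAULT_CA_FILE = "/etc/ssl/certs/ca-certificates.crt"

def resolve_ca_file(environ=os.environ):
    """CA bundle per the report: environment override, else the default."""
    return environ.get("GLANCE_CLIENT_CA_FILE") or DEFAULT_CA_FILE

def probe(host, port, ca_file, check_hostname=True, timeout=5.0):
    """Attempt a verified handshake; return (ok, verify_code, message)."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
        ctx.check_hostname = check_hostname
        ctx.load_verify_locations(cafile=ca_file)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return (True, 0, "ok")
    except ssl.SSLCertVerificationError as exc:
        # verify_code is the X.509 code openssl prints as "Verify return code"
        return (False, exc.verify_code, exc.verify_message)
    except OSError as exc:  # bad CA path, refused connection, other TLS errors
        return (False, None, str(exc))

def diagnose(host, port, ca_file):
    """Classify the outcome: 'ok', 'chain', 'hostname' or 'connect'."""
    chain_ok, code, _ = probe(host, port, ca_file, check_hostname=False)
    if not chain_ok:
        return "connect" if code is None else "chain"
    name_ok, code, _ = probe(host, port, ca_file, check_hostname=True)
    if name_ok:
        return "ok"
    return "connect" if code is None else "hostname"

if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    ca = resolve_ca_file()
    print(ca, diagnose(host, port, ca), probe(host, port, ca))
```

Run it with the same host string the client is given, since the hostname check compares the certificate against that exact name or address.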
