I updated the package from quantal-proposed successfully. I checked the
contents of shell.py to ensure the patch had been applied and removed
all *.pyc files from /usr/lib/python2.7/dist-packages/keystoneclient/ to
ensure no files from the previous version remained.
Unfortunately, it seems the bug still persists. I cannot interact with
keystone using SSL, unless I use the --insecure flag, or specify the
default cacerts.txt file by hand. Please see below.
# dpkg -l python-keystoneclient
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version
Description
+++-====================================-====================================-========================================================================================
ii python-keystoneclient 1:0.1.3-0ubuntu1.1
Client libary for Openstack Keystone API
# grep -B 4 CACERT /usr/share/pyshared/keystoneclient/shell.py
parser.add_argument('--os-cacert',
metavar='<ca-certificate>',
default=env('OS_CA_CERT', default=None),
help='Defaults to env[OS_CACERT]')
# keystone service-list
No handlers could be found for logger "keystoneclient.client"
Unable to communicate with identity service: [Errno 1] _ssl.c:504:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed. (HTTP 400)
# keystone --insecure service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type |
description |
+----------------------------------+----------+--------------+------------------------------+
| 26b4ab0f46904930bc907ddf8204f09b | volume | volume | Nova Volume
Service |
| 39d9a621022543c3aecc52734080725e | glance | image | Glance Image
Service |
| 5b5d4d9edd2d45fab7a64a284349988c | swift | object-store | Swift Object
Storage Service |
| 769f19f0d056482988558d6c611f2df8 | nova | compute | Nova Compute
Service |
| a59de4515aae4e36b7a94ed2ad008fbe | ec2 | ec2 | EC2
Compatibility Layer |
| c77e502d8a8e42b18cfed9a6c4d35b9e | keystone | identity | Keystone
Identity Service |
+----------------------------------+----------+--------------+------------------------------+
# keystone --os-cacert /usr/share/pyshared/httplib2/cacerts.txt service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type |
description |
+----------------------------------+----------+--------------+------------------------------+
| 26b4ab0f46904930bc907ddf8204f09b | volume | volume | Nova Volume
Service |
| 39d9a621022543c3aecc52734080725e | glance | image | Glance Image
Service |
| 5b5d4d9edd2d45fab7a64a284349988c | swift | object-store | Swift Object
Storage Service |
| 769f19f0d056482988558d6c611f2df8 | nova | compute | Nova Compute
Service |
| a59de4515aae4e36b7a94ed2ad008fbe | ec2 | ec2 | EC2
Compatibility Layer |
| c77e502d8a8e42b18cfed9a6c4d35b9e | keystone | identity | Keystone
Identity Service |
+----------------------------------+----------+--------------+------------------------------+
# env | grep http
OS_AUTH_URL=https://keystone.sy3.aptira.com:5000
SERVICE_ENDPOINT=https://auth.aptira.com:35357/v2.0
** Tags removed: verification-needed
** Tags added: verification-failed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1064835
Title:
[SRU] keystoneclient fails on SSL certificates that work for other
services
To manage notifications about this bug go to:
https://bugs.launchpad.net/python-keystoneclient/+bug/1064835/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs