Comment 5 for bug 1064835
Revision history for this message
| Sam Morrison (sorrison) wrote Re: keystoneclient fails on SSL certificates that work for other services | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
OK I have tracked this down. It looks to me that keystone-client is unusable with an an https keystone endpoint.
If --os-cacert is not set it will default to an empty string. This then gets passed down to underlying http classes and it will use the empty string as the ca path.
What needs to happen is that is this option is not set it needs to be set as None.
That way httplib will use the default CA path but only if it is None, None != "" for this checking.