Fix disable_ssl_certificate_validation values if ca_certificates file is defined In ClosingHttp.__init__, if disable_ssl_certification_validation is True and ca_certs is defined, tempest should not try to validate the ca_certificates file. If the certificate is self-signed, the validation will execute and fail. As it is right now if both of those values are defined, tempest.conf will try to validate the self-signed certs and it will fail. Instead, it should support self-signed certs that will not pass validation. The code should be refactored to correctly disable certificate validation even if the ca_cert location is provided. Change-Id: Iae42b5c2b4381947df71004613ca0a82b29730bb Closes-Bug: #1705769

commit: c6a79056ca6ecdfcb070a931e874d68a4a3b06df [log] [tgz]
author: Anna Pankiewicz <anna.pankiewicz@att.com> Mon Jul 24 10:38:35 2017 -0500
committer: Anna Pankiewicz <anna.pankiewicz@att.com> Mon Jul 31 13:00:50 2017 +0000
tree: 4686fa34e683fa14c0319664193424f76bb52b89
parent: 99e6d1acf78e248837863df93ff1c409a3b34fe9 [diff] [blame]
diff --git a/tempest/lib/common/http.py b/tempest/lib/common/http.py
index 8a47d44..b4b1fc9 100644
--- a/tempest/lib/common/http.py
+++ b/tempest/lib/common/http.py

@@ -25,8 +25,7 @@
         if disable_ssl_certificate_validation:
             urllib3.disable_warnings()
             kwargs['cert_reqs'] = 'CERT_NONE'
-
-        if ca_certs:
+        elif ca_certs:
             kwargs['cert_reqs'] = 'CERT_REQUIRED'
             kwargs['ca_certs'] = ca_certs
commit	c6a79056ca6ecdfcb070a931e874d68a4a3b06df	[log] [tgz]
author	Anna Pankiewicz <anna.pankiewicz@att.com>	Mon Jul 24 10:38:35 2017 -0500
committer	Anna Pankiewicz <anna.pankiewicz@att.com>	Mon Jul 31 13:00:50 2017 +0000
tree	4686fa34e683fa14c0319664193424f76bb52b89
parent	99e6d1acf78e248837863df93ff1c409a3b34fe9 [diff] [blame]