[openstack-dev] [All] Use of self signed certs in endpoints
Clint Byrum
clint at fewbar.com
Sun Nov 15 20:13:56 UTC 2015
Excerpts from Xav Paice's message of 2015-11-15 11:45:55 -0800:
> After having a brief discussion this morning (NZ time) on the
> #python-requests irc, it seems that using the system CA bundle is a "Not a
> chance" situation. They've tried, and found it unmaintainable due to the
> vast variations between system layouts (multiple OS, not just multiple
> distro). I can see their point.
>
Somehow we got all the distros and unices to agree where timezone, hosts,
etc. go. Perhaps it's time we form a group to get a single place. I
commend the requests authors for trying, and think this is something
that must affect other languages as well.
> Others have mentioned env vars not working particularly well either - which
> really leaves a config option and that is something that ops/deployers can
> tailor to suit their particular system without either the requests people
> nor the OpenStack people having to maintain.
>
Config option is fine. But I wonder if we could also just write a
wrapper that understands the distros we support, and picks the system
level one. There are, what, 2 schemes to support? 3?
More information about the OpenStack-dev
mailing list