> > However, I'd be willing to bet there's some cloud out there where at > least one of these services is owned by a separate team than Nova, who > uses a different CA than the rest of things. > It's not really a constraint as a cafile can contain one or more CA(s). Typical examples : * /usr/ssl/certs/ca-certificates.crt in Ubuntu * /etc/pki/tls/certs/ca-bundle.crt in idontremember * cacert.pem in requests python package deployed using pip Cédric/ZZelle -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160402/275d7346/attachment.html>