Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / 1b11e2af0f216953062ded6ede69e0dcc7fb4be1^! / .
commit1b11e2af0f216953062ded6ede69e0dcc7fb4be1[log] [tgz]
authorMichael Polenchuk <mpolenchuk@mirantis.com>Thu Feb 11 19:54:35 2021 +0400
committerMitya_Eremeev <deremeev@mirantis.com>Wed Jan 19 15:07:15 2022 +0300
tree98a4598f94aa83eb1b05573315f7b1e028cb3cd4
parente4f8a19078ffcdf00ab5f7b6e5e0fc725f38a3dc [diff]
Pass CA certificate to object client

Closes-Bug: PRODX-11174
Change-Id: I617b9f11a15eb05989131616dcf5fcca8f0ddcc6
(cherry picked from commit 3a32ddbdf596ef48ba189501ac319b80ad8a460f)
(cherry picked from commit 08fb9d35d7ff44369f3b940d8ecc296fc2716439)

diff --git a/tempest/lib/common/rest_client.py b/tempest/lib/common/rest_client.py
index 00f2aeb..e17ccb7 100644
--- a/tempest/lib/common/rest_client.py
+++ b/tempest/lib/common/rest_client.py

@@ -94,6 +94,7 @@
         self.build_interval = build_interval
         self.build_timeout = build_timeout
         self.trace_requests = trace_requests
+        self.ca_certs = ca_certs
 
         self._skip_path = False
         self.general_header_lc = set(('cache-control', 'connection',

diff --git a/tempest/lib/services/object_storage/object_client.py b/tempest/lib/services/object_storage/object_client.py
index bb82975..63c4e2b 100644
--- a/tempest/lib/services/object_storage/object_client.py
+++ b/tempest/lib/services/object_storage/object_client.py

@@ -164,14 +164,11 @@
 
         :param parsed_url: parsed url of the remote location
         """
-        context = None
-        # If CONF.identity.disable_ssl_certificate_validation is true,
-        # do not check ssl certification.
-        if self.dscv:
-            context = ssl._create_unverified_context()
         if parsed_url.scheme == 'https':
-            conn = httplib.HTTPSConnection(parsed_url.netloc,
-                                           context=context)
+            conn = httplib.HTTPSConnection(
+                parsed_url.netloc,
+                context=ssl.create_default_context(cafile=self.ca_certs),
+            )
         else:
             conn = httplib.HTTPConnection(parsed_url.netloc)