Port "SSL Certificate Validation" documentation section.
Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/73bd3828 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/73bd3828 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/73bd3828 Branch: refs/heads/trunk Commit: 73bd382891e6b168eafcb7e5dd04d5e1f62b4b6a Parents: 75ac8ca Author: Tomaz Muraus <[email protected]> Authored: Sat Aug 3 17:59:22 2013 +0200 Committer: Tomaz Muraus <[email protected]> Committed: Sat Aug 3 17:59:22 2013 +0200 ---------------------------------------------------------------------- docs/other/ssl-certificate-validation.rst | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/libcloud/blob/73bd3828/docs/other/ssl-certificate-validation.rst ---------------------------------------------------------------------- diff --git a/docs/other/ssl-certificate-validation.rst b/docs/other/ssl-certificate-validation.rst new file mode 100644 index 0000000..ec02782 --- /dev/null +++ b/docs/other/ssl-certificate-validation.rst @@ -0,0 +1,26 @@ +SSL Certificate Validation +========================== + +When establishing a secure connection to a cloud provider endpoint, +Libcloud verifies server SSL certificate. By default, Libcloud searches +paths listed in ``libcloud.security.CA_CERTS_PATH`` for CA certificate files. + +``CA_CERTS_PATH`` contains common paths to CA bundle installations on the +following platforms: + +* openssl on CentOS / Fedora +* ca-certificates on Debian / Ubuntu / Arch / Gentoo +* ca_root_nss on FreeBSD +* curl-ca-bundle on Mac OS X + +If no valid CA certificate files are found, you will see an error message +similar to the one bellow: + +``No CA Certificates were found in CA_CERTS_PATH.`` + +Acquiring CA Certificates +------------------------- + +If the above packages are unavailable to you, and you don't wish to roll +your own, the makers of cURL provides an excellent resource, generated +from Mozilla: http://curl.haxx.se/docs/caextract.html.
