Re: [openstack-dev] [All] Use of self signed certs in endpoints

Setting an env var seems like a very straightforward way to do this, and means the deployer can easily control the specifics of what they want without any code changes - that suits me perfectly. Adding some documentation somewhere to that effect might be handy but this is indeed a bit of an edge c

Re: [openstack-dev] [All] Use of self signed certs in endpoints

> On 16 Nov 2015, at 11:54, Sean Dague wrote: > That sounds pretty reasonable to me. I definitely support the idea that > we should be using system CA by default, even if that means overriding > requests in our tools. Setting REQUESTS_CA_BUNDLE is absolutely the way to go about this. In requests

Re: [openstack-dev] [All] Use of self signed certs in endpoints

On 11/16/2015 01:03 AM, Jamie Lennox wrote: > > > On 14 November 2015 at 19:09, Xav Paice > wrote: > > Hi, > > I'm sure I'm not the only one that likes to use SSL everywhere > possible, and doesn't like to pay for 'real' ssl certs for dev > environmen

Re: [openstack-dev] [All] Use of self signed certs in endpoints

On 14 November 2015 at 19:09, Xav Paice wrote: > Hi, > > I'm sure I'm not the only one that likes to use SSL everywhere possible, > and doesn't like to pay for 'real' ssl certs for dev environments. > Figuring out how to get requests to allow connection to the self signed > cert would have paid f

Re: [openstack-dev] [All] Use of self signed certs in endpoints

On 11/15/2015 03:13 PM, Clint Byrum wrote: Excerpts from Xav Paice's message of 2015-11-15 11:45:55 -0800: After having a brief discussion this morning (NZ time) on the #python-requests irc, it seems that using the system CA bundle is a "Not a chance" situation. They've tried, and found it unma

Re: [openstack-dev] [All] Use of self signed certs in endpoints

Excerpts from Xav Paice's message of 2015-11-15 11:45:55 -0800: > After having a brief discussion this morning (NZ time) on the > #python-requests irc, it seems that using the system CA bundle is a "Not a > chance" situation. They've tried, and found it unmaintainable due to the > vast variations

Re: [openstack-dev] [All] Use of self signed certs in endpoints

After having a brief discussion this morning (NZ time) on the #python-requests irc, it seems that using the system CA bundle is a "Not a chance" situation. They've tried, and found it unmaintainable due to the vast variations between system layouts (multiple OS, not just multiple distro). I can s

Re: [openstack-dev] [All] Use of self signed certs in endpoints

Yeah, using the system CAs would be my preference but I do understand that in some cases, things in a virtual environment should stay in that virtual environment. Maybe the requests developers would prefer to see the whole thing isolated, but it does make things rather difficult when requests is a

Re: [openstack-dev] [All] Use of self signed certs in endpoints

On 11/15/2015 10:26 AM, Adam Young wrote: On 11/14/2015 03:09 AM, Xav Paice wrote: Hi, I'm sure I'm not the only one that likes to use SSL everywhere possible, and doesn't like to pay for 'real' ssl certs for dev environments. Figuring out how to get requests to allow connection to the self si

Re: [openstack-dev] [All] Use of self signed certs in endpoints

On 11/14/2015 03:09 AM, Xav Paice wrote: Hi, I'm sure I'm not the only one that likes to use SSL everywhere possible, and doesn't like to pay for 'real' ssl certs for dev environments. Figuring out how to get requests to allow connection to the self signed cert would have paid for a real cer

[openstack-dev] [All] Use of self signed certs in endpoints

Hi, I'm sure I'm not the only one that likes to use SSL everywhere possible, and doesn't like to pay for 'real' ssl certs for dev environments. Figuring out how to get requests to allow connection to the self signed cert would have paid for a real cert many times over. When I use an SSL cert with