diff options
| author | Flavio Percoco <flaper87@gmail.com> | 2014-07-30 10:57:46 +0200 |
|---|---|---|
| committer | Flavio Percoco <flaper87@gmail.com> | 2014-10-30 09:06:02 +0100 |
| commit | 052904ba32f6e6075b023065bff684042c640c6a (patch) | |
| tree | 983e9de3290274a867c006ac9d36d1d3aaf0e811 /glanceclient/common/https.py | |
| parent | 8a877b2752162d6a2db43d7d61d6311c4f42285b (diff) | |
| download | python-glanceclient-052904ba32f6e6075b023065bff684042c640c6a.tar.gz | |
Don't replace the https handler in the poolmanager
In order to keep the support for `--ssl-nocompression` it was decided to
overwrite the https HTTPAdapter in `requests` poolmanager. Although this
seemed to work correctly, it was causing some issues when using
glanceclient from other services that rely on requests and that were
also configured to use TLS.
THis patch changes implements a different strategy by using
`glance+https` as the scheme to use when `no-compression` is requested.
Closes-bug: #1350251
Closes-bug: #1347150
Closes-bug: #1362766
Change-Id: Ib25237ba821ee20a561a163b79402d1375ebed0b
Diffstat (limited to 'glanceclient/common/https.py')
| -rw-r--r-- | glanceclient/common/https.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/glanceclient/common/https.py b/glanceclient/common/https.py index 4f0e6f5..6baa6af 100644 --- a/glanceclient/common/https.py +++ b/glanceclient/common/https.py @@ -50,6 +50,7 @@ except ImportError: from glanceclient import exc +from glanceclient.openstack.common import strutils def to_bytes(s): @@ -72,9 +73,16 @@ class HTTPSAdapter(adapters.HTTPAdapter): def __init__(self, *args, **kwargs): # NOTE(flaper87): This line forces poolmanager to use # glanceclient HTTPSConnection - poolmanager.pool_classes_by_scheme["https"] = HTTPSConnectionPool + classes_by_scheme = poolmanager.pool_classes_by_scheme + classes_by_scheme["glance+https"] = HTTPSConnectionPool super(HTTPSAdapter, self).__init__(*args, **kwargs) + def request_url(self, request, proxies): + # NOTE(flaper87): Make sure the url is encoded, otherwise + # python's standard httplib will fail with a TypeError. + url = super(HTTPSAdapter, self).request_url(request, proxies) + return strutils.safe_encode(url) + def cert_verify(self, conn, url, verify, cert): super(HTTPSAdapter, self).cert_verify(conn, url, verify, cert) conn.ca_certs = verify[0] @@ -93,7 +101,7 @@ class HTTPSConnectionPool(connectionpool.HTTPSConnectionPool): be used just when the user sets --no-ssl-compression. """ - scheme = 'https' + scheme = 'glance+https' def _new_conn(self): self.num_connections += 1 @@ -150,6 +158,10 @@ class VerifiedHTTPSConnection(HTTPSConnection): self.cert_file = cert_file self.timeout = timeout self.insecure = insecure + # NOTE(flaper87): `is_verified` is needed for + # requests' urllib3. If insecure is True then + # the request is not `verified`, hence `not insecure` + self.is_verified = not insecure self.ssl_compression = ssl_compression self.cacert = None if cacert is None else str(cacert) self.set_context() |