diff --git a/nfv/nfv-common/nfv_common/helpers.py b/nfv/nfv-common/nfv_common/helpers.py
index 85d22cd9..ada85c99 100755
--- a/nfv/nfv-common/nfv_common/helpers.py
+++ b/nfv/nfv-common/nfv_common/helpers.py
@@ -5,6 +5,7 @@
 #
 import errno
 import functools
+import os
 import select
 import socket
@@ -114,3 +115,17 @@ def get_local_host_name():
 Returns the name of the local host
 """
 return socket.gethostname()
+
+
+def get_system_ca_file():
+ """Return path to system default CA file."""
+ # Standard CA file locations for Debian/Ubuntu, RedHat/Fedora,
+ # Suse, FreeBSD/OpenBSD
+ ca_path = ['/etc/ssl/certs/ca-certificates.crt',
+ '/etc/pki/tls/certs/ca-bundle.crt',
+ '/etc/ssl/ca-bundle.pem',
+ '/etc/ssl/cert.pem']
+ for ca in ca_path:
+ if os.path.exists(ca):
+ return ca
+ return None
diff --git a/nfv/nfv-plugins/nfv_plugins/nfvi_plugins/openstack/rest_api.py b/nfv/nfv-plugins/nfv_plugins/nfvi_plugins/openstack/rest_api.py
index 9d1577dc..a01acb47 100755
--- a/nfv/nfv-plugins/nfv_plugins/nfvi_plugins/openstack/rest_api.py
+++ b/nfv/nfv-plugins/nfv_plugins/nfvi_plugins/openstack/rest_api.py
@@ -13,6 +13,7 @@
 from six.moves import socketserver as SocketServer
 from six.moves import urllib
 import socket
+import ssl
 import struct
 from nfv_common import debug
@@ -20,6 +21,7 @@ from nfv_common import selobj
 from nfv_common import timers
 from nfv_common.helpers import coroutine
+from nfv_common.helpers import get_system_ca_file
 from nfv_common.helpers import Object
 from nfv_common.helpers import Result
@@ -341,8 +343,13 @@ def _rest_api_request(token_id,
 response_raw = request.text
 request.close()
 else:
+ ca_file = get_system_ca_file()
+ ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH,
+ cafile=ca_file)
+
 request = urllib.request.urlopen(request_info,
- timeout=timeout_in_secs)
+ timeout=timeout_in_secs,
+ context=ssl_context)
 headers = list() # list of tuples
 for key, value in request.info().items():
 if key not in headers_per_hop:
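Review bot: In helpers.py, `get_system_ca_file` returns `None` when none of the four bundle paths exists, but its docstring does not say so. A caller that passes the result as `cafile=` then falls back to whatever trust store the ssl module loads by default, with no log line to show which store is in use. I would document that contract in the docstring, for example `"""Return the path of the first system CA bundle found, or None if none exists."""`. `os.path.exists(ca)` is also true for a directory, so `if os.path.isfile(ca):` states the intent more exactly.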
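Review bot: In the `else:` branch of `_rest_api_request` in rest_api.py, the context is built with `ssl.Purpose.CLIENT_AUTH`, which is the purpose for server-side sockets that authenticate clients. For that purpose `create_default_context` does not set `verify_mode` to `CERT_REQUIRED` or enable `check_hostname`, so `urlopen` would accept any server certificate even though a CA file is loaded. The call should be `ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)`, or omit the purpose since `SERVER_AUTH` is the default. On newer Python 3 releases a `CLIENT_AUTH` context is, as far as I know, created with a server-only protocol and may refuse to open a client connection at all, so this is worth confirming on the target interpreter. The function body starts and ends outside the hunk, so the `requests`-based branch above it could not be checked for the same CA handling.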