Merge "Fix SSL cert error in nfv-vim for rehomed subcloud"

nfv/nfv-common/nfv_common/helpers.py

@@ -5,6 +5,7 @@
 #
 import errno
 import functools
+import os
 import select
 import socket
 
@@ -114,3 +115,17 @@ def get_local_host_name():
     Returns the name of the local host
     """
     return socket.gethostname()
+
+
+def get_system_ca_file():
+    """Return path to system default CA file."""
+    # Standard CA file locations for Debian/Ubuntu, RedHat/Fedora,
+    # Suse, FreeBSD/OpenBSD
+    ca_path = ['/etc/ssl/certs/ca-certificates.crt',
+               '/etc/pki/tls/certs/ca-bundle.crt',
+               '/etc/ssl/ca-bundle.pem',
+               '/etc/ssl/cert.pem']
+    for ca in ca_path:
+        if os.path.exists(ca):
+            return ca
+    return None

nfv/nfv-plugins/nfv_plugins/nfvi_plugins/openstack/rest_api.py

@@ -13,6 +13,7 @@ from six.moves import socketserver as SocketServer
 from six.moves import urllib
 
 import socket
+import ssl
 import struct
 
 from nfv_common import debug
@@ -20,6 +21,7 @@ from nfv_common import selobj
 from nfv_common import timers
 
 from nfv_common.helpers import coroutine
+from nfv_common.helpers import get_system_ca_file
 from nfv_common.helpers import Object
 from nfv_common.helpers import Result
 
@@ -341,8 +343,13 @@ def _rest_api_request(token_id,
             response_raw = request.text
             request.close()
         else:
+            ca_file = get_system_ca_file()
+            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH,
+                                                     cafile=ca_file)
+
             request = urllib.request.urlopen(request_info,
-                                             timeout=timeout_in_secs)
+                                             timeout=timeout_in_secs,
+                                             context=ssl_context)
             headers = list()  # list of tuples
             for key, value in request.info().items():
                 if key not in headers_per_hop: