oslo-incubator

SSL Configuration for Common Client

Registered by Rob Crittenden on 2014-05-07

The Common Client library blueprint defines the basic goals of a common, shared client library within OpenStack. This blueprint expands on that to define how SSL is to be configured.

The common client will expose the following options, with these defaults:

ca_certificates = get_system_ca_file()
insecure = False
ssl_compression = False

get_system_ca_file() comes from Heat and searches known global locations for the CA.

Ideally the system CA is configured correctly so there is nothing to do in the client except pass in a https endpoint.

Each server uses the configuration currently in the heat server which defines a common client configuration and per-client overrides:

[ client ] (most likely always empty)

[ client_<service> ]

There are three possible options

  ca_certificates_file = /path/to/file
  insecure = Boolean
  ssl_compression = Boolean

Blueprint information

Status:: Not started

Approver:: None

Priority:: Undefined

Drafter:: Rob Crittenden

Direction:: Needs approval

Assignee:: None

Definition:: New

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Related branches

Related bugs

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.