Configure and use SSL-related requests options

This patch adds standard SSL options to IPA config and makes use of them
when making HTTP requests.

For now, a single set of certificates is used when needed.
In the future configuration can be expanded to allow per-service
certificates.

Besides, the 'insecure' option (defaults to False) can be overridden
through kernel command line parameter 'ipa-insecure'.
This will allow running IPA in CI-like environments with self-signed SSL
certificates.

Change-Id: I259d9b3caa9ba1dc3d7382f375b8e086a5348d80
Closes-Bug: #1642515
Pavlo Shchelokovskyy
2016-11-17 13:26:28 +02:00
parent 51ab461af8
commit fdd11b54a5
12 changed files with 198 additions and 5 deletions

@ -118,7 +118,9 @@ def call_inspector(data, failures):
encoder = encoding.RESTJSONEncoder()
data = encoder.encode(data)
resp = requests.post(CONF.inspection_callback_url, data=data)
verify, cert = utils.get_ssl_client_options(CONF)
resp = requests.post(CONF.inspection_callback_url, data=data,
verify=verify, cert=cert)
if resp.status_code >= 400:
LOG.error('inspector error %d: %s, proceeding with lookup',
resp.status_code, resp.content.decode('utf-8'))
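Review bot: in call_inspector, the verify value unpacked from utils.get_ssl_client_options(CONF) is passed straight to requests.post with nothing logged at the call site, so when the 'insecure' option or the 'ipa-insecure' kernel parameter from the commit message is in effect, the data is posted to CONF.inspection_callback_url with no trace that certificate validation was turned off. Suggest a LOG.warning when verify is False, either here or inside the helper (its body is not visible in this hunk), so that an image booted with the CI override outside CI shows up in the agent log. Separately, the changed call `requests.post(CONF.inspection_callback_url, data=data, verify=verify, cert=cert)` still has no timeout argument, which lets a stalled connection block the agent indefinitely; worth adding while this line is being touched.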