SSL Configuration for Common Client

Registered by Rob Crittenden on 2014-05-07

The Common Client library blueprint defines the basic goals of a common, shared client library within OpenStack. This blueprint expands on that to define how SSL is to be configured.

The common client will expose the following options, with these defaults:

 ca_certificates = get_system_ca_file()
 insecure = False
 ssl_compression = False

get_system_ca_file() comes from Heat and searches known global locations for the CA.

Ideally the system CA is configured correctly so there is nothing to do in the client except pass in a https endpoint.

Each server uses the configuration currently in the heat server which defines a common client configuration and per-client overrides:

 [ client ] (most likely always empty)

 [ client_<service> ]

There are three possible options

  ca_certificates_file = /path/to/file
  insecure = Boolean
  ssl_compression = Boolean

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Rob Crittenden
Direction:
Needs approval
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.