SSL Configuration for Common Client

The Common Client library blueprint defines the basic goals of a common, shared client library within OpenStack. This blueprint expands on that to define how SSL is to be configured.

The common client will expose the following options, with these defaults:

 ca_certificates = get_system_ca_file()
 insecure = False
 ssl_compression = False

get_system_ca_file() comes from Heat and searches known global locations for the CA.

Ideally the system CA is configured correctly so there is nothing to do in the client except pass in a https endpoint.

Each server uses the configuration currently in the heat server which defines a common client configuration and per-client overrides:

 [ client ] (most likely always empty)

 [ client_<service> ]

There are three possible options

  ca_certificates_file = /path/to/file
  insecure = Boolean
  ssl_compression = Boolean