Glance Client

Use python-openssl for https connections

Registered by Stuart McLaren on 2012-09-20

Update VerifiedHTTPSConnection to use python-openssl for its connect method.

In Python 2.7 there are limited ssl features.

Using python-openssl would allow:

* The ability to disable SSL compression on a per connection basis for performance reasons. With compressed qcow2 images the download performance can increase by more than 400% when the redundant compression is disabled.
* Neater loading of the default system CA cert files.

Note that much of the functionality in python-openssl maps to Python 3.3 so if/when we move to a newer version of Python replacing the python-openssl code with Python 3.3 code should be simple.

Blueprint information

Status:: Complete

Approver:: Brian Waldon

Priority:: Medium

Drafter:: Stuart McLaren

Direction:: Approved

Assignee:: Stuart McLaren

Definition:: Approved

Series goal:: Accepted for v0

Implementation:: Implemented

Milestone target:: v0.6.0

Started by: Brian Waldon on 2012-09-25

Completed by: Brian Waldon on 2012-10-24

Related branches

Related bugs

Sprints

Whiteboard

Rough prototype of code to give an idea of the type of change: http://15.185.160.228/ssl.txt

qcow2 peformance example: http://15.185.160.228/ssl_comp.pdf

Gerrit topic: https://review.openstack.org/#q,topic:bp/ssl-connect-rework,n,z

Addressed by: https://review.openstack.org/13466
Implement blueprint ssl-connect-rework

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Paul Bourke

stephen mulcahy

steve friday