Brant Knudson wrote:
On Wed, Jul 20, 2016 at 12:29 PM, Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote: Fixing Keystone is easy. An Apache VirtualHost for 443 needs to be added. But I found another, deeper problem: cinder won't listen on SSL. When they switched to using oslo_service for WSGI they completely removed the ability to use SSL. See bug https://bugs.launchpad.net/cinder/+bug/1590901 rob Problems like this should make us wonder why we're reimplementing basic functionality like TLS termination. Existing wsgi containers (uwsgi, gunicorn, and apache) all handle TLS termination just fine.
I'm not exactly sure what you mean. If you mean that doing native TLS in eventlet is not a great idea then we are in agreement. But to remove it will should require a plan, not an unexpected side-effect of another change.
rob __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
