On Thu, Nov 12, 2015, at 07:54 AM, Mike Dorman wrote: > We’ve run into this, too, and it’s been a frustration for a while. No > way to tell python-requests to use a different cacert file (that I know > of), and (at least in the packaging we use), the packaged cacert.pem file > isn’t marked as a configuration file, meaning that it gets overwritten > any time the package is upgraded. > After a quick chat on IRC with one of the requests devs [0] I found you can set CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE environment variables to set a non default path. That is documented at [1].
It was also mentioned that if writing the code yourself you can pass the bundle in directly. If OpenStack projects don't currently accept this as a config option it probably makes sense to file bugs and/or add one for this (yay another config option). [0] http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2015-11-12.log.html#t2015-11-12T18:20:05 [1] http://docs.python-requests.org/en/latest/user/advanced/?highlight=ca_bundle#ssl-cert-verification Hope this helps, Clark _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
