diff --git a/src/api-lib/vnc_api.py b/src/api-lib/vnc_api.py
index c256f6c24ac..045abf1bf88 100644
--- a/src/api-lib/vnc_api.py
+++ b/src/api-lib/vnc_api.py
@@ -222,17 +222,12 @@ def __init__(self, username=None, password=None, tenant_name=None,
 apicafile=_read_cfg(cfg_parser,'global','cafile','')
 self._use_api_certs=False
- if api_server_use_ssl:
- certs = []
- if apicafile:
- certs.append(apicafile)
- if apicertfile:
- certs.append(apicertfile)
- if apikeyfile:
- certs.append(apikeyfile)
- if certs:
- self._apicertbundle=utils.getCertKeyCaBundle(VncApi._DEFAULT_API_CERT_BUNDLE,certs)
- self._use_api_certs=True
+ if apicafile and api_server_use_ssl:
+ certs=[apicafile]
+ if apikeyfile and apicertfile:
+ certs=[apicertfile, apikeyfile, apicafile]
+ self._apicertbundle=utils.getCertKeyCaBundle(VncApi._DEFAULT_API_CERT_BUNDLE,certs)
+ self._use_api_certs=True
 # keystone SSL support
 try:
@@ -246,17 +241,12 @@ def __init__(self, username=None, password=None, tenant_name=None,
 kscafile=_read_cfg(cfg_parser,'auth','cafile','')
 self._use_ks_certs=False
- if self._authn_protocol == 'https':
- certs = []
- if kscafile:
- certs.append(kscafile)
- if kscertfile:
- certs.append(kscertfile)
- if kskeyfile:
- certs.append(kskeyfile)
- if certs:
- self._kscertbundle=utils.getCertKeyCaBundle(VncApi._DEFAULT_KS_CERT_BUNDLE,certs)
- self._use_ks_certs=True
+ if kscafile and self._authn_protocol == 'https':
+ certs=[kscafile]
+ if kskeyfile and kscertfile:
+ certs=[kscertfile, kskeyfile, kscafile]
+ self._kscertbundle=utils.getCertKeyCaBundle(VncApi._DEFAULT_KS_CERT_BUNDLE,certs)
+ self._use_ks_certs=True
 if 'v2' in self._authn_url:
 self._authn_body = \
diff --git a/src/config/api-server/vnc_auth_keystone.py b/src/config/api-server/vnc_auth_keystone.py
index b3425b622f3..6e3969bd0ed 100644
--- a/src/config/api-server/vnc_auth_keystone.py
+++ b/src/config/api-server/vnc_auth_keystone.py
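Review bot: In the first vnc_api.py hunk (API server certificates), a half-configured TLS setup is now accepted without any signal: reading the nesting as in the removed code, `api_server_use_ssl` with an empty `cafile` leaves `_use_api_certs` False and drops a configured `certfile`/`keyfile` pair, and a lone `keyfile` or `certfile` silently falls back to the CA-only bundle. What the request path does when `_use_api_certs` is False is outside the hunk, so it should be confirmed that the server certificate is still verified in that case rather than verification being skipped. I would reject the inconsistent combinations up front, e.g. `if bool(apikeyfile) != bool(apicertfile): raise ValueError('certfile and keyfile must be set together')`, and do the same when SSL is requested without a CA file. The keystone hunk that follows in the same file (`kscafile`/`kskeyfile`/`kscertfile`) and the `AuthServiceKeystone.__init__` hunk in vnc_auth_keystone.py have the same shape. `__init__` starts and ends outside both hunks.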
@@ -141,10 +141,11 @@ class AuthServiceKeystone(object):
 def __init__(self, server_mgr, args):
 _kscertbundle=''
- if args.certfile and args.keyfile and args.cafile \
- and args.auth_protocol == 'https':
- certs=[args.certfile, args.keyfile, args.cafile]
- _kscertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_KS_CERT_BUNDLE,certs)
+ if args.auth_protocol == 'https' and args.cafile:
+ certs=[args.cafile]
+ if args.keyfile and args.certfile:
+ certs=[args.certfile, args.keyfile, args.cafile]
+ _kscertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_KS_CERT_BUNDLE,certs)
 identity_uri = '%s://%s:%s' % (args.auth_protocol, args.auth_host, args.auth_port)
 self._conf_info = {
 'auth_host': args.auth_host,
diff --git a/src/config/vnc_openstack/vnc_openstack/__init__.py b/src/config/vnc_openstack/vnc_openstack/__init__.py
index c1989982ece..a9430d2c719 100644
--- a/src/config/vnc_openstack/vnc_openstack/__init__.py
+++ b/src/config/vnc_openstack/vnc_openstack/__init__.py
@@ -82,10 +82,12 @@ def fill_keystone_opts(obj, conf_sections):
 obj._kscertbundle=''
 obj._use_certs=False
- if obj._certfile and obj._keyfile and obj._cafile:
- certs=[obj._certfile,obj._keyfile,obj._cafile]
- obj._kscertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_KS_CERT_BUNDLE,certs)
- obj._use_certs=True
+ if obj._certfile:
+ certs = [obj._certfile]
+ if obj._keyfile and obj._cafile:
+ certs=[obj._certfile,obj._keyfile,obj._cafile]
+ obj._kscertbundle=cfgmutils.getCertKeyCaBundle(_DEFAULT_KS_CERT_BUNDLE,certs)
+ obj._use_certs=True
 try:
 obj._auth_url = conf_sections.get('KEYSTONE', 'auth_url')
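Review bot: In the `AuthServiceKeystone.__init__` hunk, `certs=[args.certfile, args.keyfile, args.cafile]` still places the private key into the shared file named by `_DEFAULT_KS_CERT_BUNDLE`, and nothing visible here says how that file is protected. `cfgmutils.getCertKeyCaBundle` is outside the hunk, so this is a question rather than a finding: if the helper creates the bundle with default permissions, the key is readable by other local users. I would add a comment above the call, `# bundle holds the private key; getCertKeyCaBundle must create it owner-readable only`, and confirm the helper does so. The same applies to the bundle calls in vnc_api.py and vnc_openstack/__init__.py. `__init__` continues past the hunk.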
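Review bot: The gate in `fill_keystone_opts` tests `obj._certfile` where the other three hunks of this commit test the CA file, so a CA-only configuration leaves `_use_certs` False here, while a certfile-only one (reading the nesting as in the removed code) builds a bundle holding just the client certificate. If that bundle is what the HTTP client verifies the keystone server against, which is outside the hunk, a bundle with no CA in it cannot validate the server. This looks like a cafile/certfile mix-up; I would write `if obj._cafile:`, `certs = [obj._cafile]` and `if obj._keyfile and obj._certfile:` to match the other call sites. The function continues past the hunk.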