From e94b27980e0576811e831c6a8789cbd056866dfc Mon Sep 17 00:00:00 2001 From: Ignatious Johnson Christopher Date: Wed, 19 Oct 2016 12:32:17 -0700 Subject: [PATCH] Making certfile/keyfile optional, so that vnc_api can rely on CA or CA/CERT. Change-Id: Iffb9bf9d8cf23fe3943335565bf2adaf878c5df8 Partial-Bug: 1630513 --- src/api-lib/vnc_api.py | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/src/api-lib/vnc_api.py b/src/api-lib/vnc_api.py index d21d37b2dba..f75828af743 100644 --- a/src/api-lib/vnc_api.py +++ b/src/api-lib/vnc_api.py @@ -222,9 +222,15 @@ def __init__(self, username=None, password=None, tenant_name=None, apicafile=_read_cfg(cfg_parser,'global','cafile','') self._use_api_certs=False - if apicertfile and apikeyfile \ - and apicafile and api_server_use_ssl: - certs=[apicertfile, apikeyfile, apicafile] + if api_server_use_ssl: + certs = [] + if apicafile: + certs.append(apicafile) + if apicertfile: + certs.append(apicertfile) + if apikeyfile: + certs.append(apikeyfile) + if certs: self._apicertbundle=utils.getCertKeyCaBundle(VncApi._DEFAULT_API_CERT_BUNDLE,certs) self._use_api_certs=True @@ -240,9 +246,15 @@ def __init__(self, username=None, password=None, tenant_name=None, kscafile=_read_cfg(cfg_parser,'auth','cafile','') self._use_ks_certs=False - if kscertfile and kskeyfile and kscafile \ - and self._authn_protocol == 'https': - certs=[kscertfile, kskeyfile, kscafile] + if self._authn_protocol == 'https': + certs = [] + if kscafile: + certs.append(kscafile) + if kscertfile: + certs.append(kscertfile) + if kskeytfile: + certs.append(kskeyfile) + if certs: self._kscertbundle=utils.getCertKeyCaBundle(VncApi._DEFAULT_KS_CERT_BUNDLE,certs) self._use_ks_certs=True