openid certificate validation.


Mark Hammond

Aug 20, 2010, 1:47:33 AM
to raindr...@googlegroups.com, Shane Caraveo
I'm having trouble doing the openid login to the google openid URL. The
error I see looks like:

14:57:33,210 INFO [storm.config.auth] [worker 1] redirecting to
'/openid_login.html' due to openid discovery failure: Error fetching
XRDS document: (60, 'SSL certificate problem, verify that the CA cert is
OK. Details:\nerror:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed')

What seems to be happening is that openid uses pycurl if available
(which it is for me), and that is throwing the error. According to
http://www.cozmanova.com/node/8, this means new certificates need to be
installed.

Can you confirm you *do not* have pycurl installed? If not, I think we
need the following patch which makes things work for me (although you
may like to adjust the log levels - note I also pushed a change which
re-enables logging for storm...)

While this isn't a good option long term (I think it means the
certificates are simply not being validated when not using pycurl), it
might be necessary in the short term. What do you think?

Mark

openid-no-pycurl.patch

Shane Caraveo

Aug 23, 2010, 1:36:13 PM
to Mark Hammond, raindr...@googlegroups.com
I don't have pycurl installed, we should switch to that and install any
certs we need for the services we'll support, but that can happen later
in the cycle.
Shane