=== modified file 'debian/changelog'
--- debian/changelog	2015-03-19 09:32:05 +0000
+++ debian/changelog	2015-03-20 15:53:53 +0000
@@ -1,3 +1,10 @@
+keystone (1:2014.1.4-0ubuntu1.1) UNRELEASED; urgency=medium
+
+  * Support new version of Python 2.7 (LP: #1434575):
+    - d/p/pep-0476.patch: PEP 476 updates.
+
+ -- Corey Bryant <corey.bryant@canonical.com>  Fri, 20 Mar 2015 09:56:45 -0400
+
 keystone (1:2014.1.4-0ubuntu1) trusty; urgency=medium
 
   * Resynchronize with stable/icehouse (9aec35a) (LP: #1432608):

=== added file 'debian/patches/pep-0476.patch'
--- debian/patches/pep-0476.patch	1970-01-01 00:00:00 +0000
+++ debian/patches/pep-0476.patch	2015-03-20 15:53:53 +0000
@@ -0,0 +1,122 @@
+Description: Deal with PEP-0476
+Author: James Page <james.page@ubuntu.com>
+Forwarded: Need to submit backports once trunk fix is merged:
+           https://review.openstack.org/#/c/144988/
+
+--- a/keystone/tests/test_ssl.py
++++ b/keystone/tests/test_ssl.py
+@@ -35,8 +35,25 @@
+ class SSLTestCase(tests.TestCase):
+     def setUp(self):
+         super(SSLTestCase, self).setUp()
++        # NOTE(jamespage):
++        # Deal with more secure certification chain verficiation
++        # introduced in python 2.7.9 under PEP-0476
++        # https://github.com/python/peps/blob/master/pep-0476.txta
++        self.context = None
++        if "_create_unverified_context" in dir(ssl):
++            self.context = ssl._create_unverified_context()
+         self.load_backends()
+ 
++    def get_HTTPSConnection(self, *args):
++        """Simple helper to configure HTTPSConnection objects"""
++        if self.context:
++            return self.get_HTTPSConnection(
++                *args,
++                context=self.context
++            )
++        else:
++            return self.get_HTTPSConnection(*args)
++
+     def test_1way_ssl_ok(self):
+         """Make sure both public and admin API work with 1-way SSL."""
+         paste_conf = self._paste_config('keystone')
+@@ -44,7 +61,7 @@
+ 
+         # Verify Admin
+         with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '127.0.0.1', CONF.admin_port)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+@@ -52,7 +69,7 @@
+ 
+         # Verify Public
+         with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '127.0.0.1', CONF.public_port)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+@@ -68,7 +85,7 @@
+ 
+         # Verify Admin
+         with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '127.0.0.1', CONF.admin_port, CLIENT, CLIENT)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+@@ -76,7 +93,7 @@
+ 
+         # Verify Public
+         with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '127.0.0.1', CONF.public_port, CLIENT, CLIENT)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+@@ -91,14 +108,14 @@
+ 
+         # Verify Admin
+         with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection('::1', CONF.admin_port)
++            conn = self.get_HTTPSConnection('::1', CONF.admin_port)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+             self.assertEqual(300, resp.status)
+ 
+         # Verify Public
+         with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection('::1', CONF.public_port)
++            conn = self.get_HTTPSConnection('::1', CONF.public_port)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+             self.assertEqual(300, resp.status)
+@@ -116,7 +133,7 @@
+ 
+         # Verify Admin
+         with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '::1', CONF.admin_port, CLIENT, CLIENT)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+@@ -124,7 +141,7 @@
+ 
+         # Verify Public
+         with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '::1', CONF.public_port, CLIENT, CLIENT)
+             conn.request('GET', '/')
+             resp = conn.getresponse()
+@@ -137,7 +154,7 @@
+ 
+         # Verify Admin
+         with appserver.AppServer(paste_conf, appserver.ADMIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '127.0.0.1', CONF.admin_port)
+             try:
+                 conn.request('GET', '/')
+@@ -147,7 +164,7 @@
+ 
+         # Verify Public
+         with appserver.AppServer(paste_conf, appserver.MAIN, **ssl_kwargs):
+-            conn = environment.httplib.HTTPSConnection(
++            conn = self.get_HTTPSConnection(
+                 '127.0.0.1', CONF.public_port)
+             try:
+                 conn.request('GET', '/')

=== modified file 'debian/patches/series'
--- debian/patches/series	2014-08-11 12:37:33 +0000
+++ debian/patches/series	2015-03-20 15:53:53 +0000
@@ -3,3 +3,4 @@
 sql_connection.patch
 add-version-info.patch
 ubuntu-test-overrides.patch
+pep-0476.patch