Issue #531
closed
pulp.bindings.server.DEFAULT_CA_PATH does not point to a valid certificate pack
Description
Description of problem:
pulp.bindings.server.DEFAULT_CA_PATH is set to '/etc/pki/tls/certs/' when it should be set to '/etc/pki/tls/certs/ca-bundle.crt'. This means that the bindings will not work with real root certificates unless the user explicitly sets the PulpConnection's ca_path init parameter.
Version-Release number of selected component (if applicable):
2.4.0-1
How reproducible:
Every time
Steps to Reproduce:
1. Use the Pulp bindings to make a connection to a server that is using an SSL certificate that is signed by a CA that you have installed into /etc/pki/tls/certs/ca-bundle.crt, but do not pass the ca_path parameter to PulpConnection.__init__().
Actual results:
You should see an SSL trust failure raised from M2Crypto.
Expected results:
By default, we should work with root certificates installed at /etc/pki/tls/certs/ca-bundle.crt with no additional configuration.
+ This bug was cloned from Bugzilla Bug #1142376 +
Updated by cduryee over 9 years ago
https://github.com/pulp/pulp/pull/1167
+ This comment was cloned from Bugzilla #1142376 comment 1 +
Updated by cduryee over 9 years ago
merged to 2.5-dev and master
+ This comment was cloned from Bugzilla #1142376 comment 2 +
Updated by cduryee over 9 years ago
fixed in pulp 2.6.0-0.2.beta
+ This comment was cloned from Bugzilla #1142376 comment 3 +
Updated by pthomas@redhat.com over 9 years ago
verified
Default in server.conf is
[database]
- verify_ssl: true
- ca_path: /etc/pki/tls/certs/ca-bundle.crt
+ This comment was cloned from Bugzilla #1142376 comment 4 +
Updated by rbarlow over 9 years ago
- Status changed from 6 to CLOSED - CURRENTRELEASE
Updated by bmbouter over 4 years ago
- Category deleted (14)
We are removing the 'API' category per open floor discussion June 16, 2020.
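Added example (not part of the original issue or Pulp's code): a check that tells a CA bundle file apart from a CA directory before building a verifying TLS context, which is the distinction behind the DEFAULT_CA_PATH bug described above. It uses Python's standard `ssl` module rather than M2Crypto; the function names and the temporary sample layout are assumptions constructed for illustration.

```python
import os
import re
import ssl
import tempfile

# OpenSSL's directory lookup only finds files named <subject-hash>.<n>,
# e.g. "5ad8a5d6.0" (normally symlinks created by c_rehash / openssl rehash).
# A bundle such as ca-bundle.crt sitting in that directory is never consulted.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def classify_ca_path(path):
    """Return 'bundle', 'hashed-dir', 'unhashed-dir', 'not-pem' or 'missing'."""
    if os.path.isfile(path):
        with open(path, "rb") as fh:
            return "bundle" if PEM_MARKER in fh.read() else "not-pem"
    if os.path.isdir(path):
        names = os.listdir(path)
        return "hashed-dir" if any(HASHED_NAME.match(n) for n in names) else "unhashed-dir"
    return "missing"


def build_verifying_context(ca_path):
    """Build a verifying client context, refusing trust stores that cannot work."""
    kind = classify_ca_path(ca_path)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if kind == "bundle":
        ctx.load_verify_locations(cafile=ca_path)
    elif kind == "hashed-dir":
        ctx.load_verify_locations(capath=ca_path)
    else:
        # Fail at configuration time instead of at the first handshake.
        raise ValueError("unusable CA path %r (%s)" % (ca_path, kind))
    return ctx


def demo():
    """Constructed layout mirroring the issue: a certs dir holding only a bundle file."""
    with tempfile.TemporaryDirectory() as certs:
        bundle = os.path.join(certs, "ca-bundle.crt")
        with open(bundle, "wb") as fh:
            fh.write(PEM_MARKER + b"\n(constructed placeholder, not a real cert)\n")
        return classify_ca_path(certs), classify_ca_path(bundle)


if __name__ == "__main__":
    print(demo())  # directory vs. file, as in the issue
```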