Project

Profile

Help

Issue #531

closed

pulp.bindings.server.DEFAULT_CA_PATH does not point to a valid certificate pack

Added by rbarlow over 9 years ago. Updated over 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
2.4.0
Platform Release:
2.6.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Description of problem:
pulp.bindings.server.DEFAULT_CA_PATH is set to '/etc/pki/tls/certs/' when it should be set to '/etc/pki/tls/certs/ca-bundle.crt'. This means that the bindings will not work with real root certificates unless the user explicitly sets the PulpConnection's ca_path init parameter explicitly.

Version-Release number of selected component (if applicable):
2.4.0-1

How reproducible:
Every time

Steps to Reproduce:
1. Use the Pulp bindings to make a connection to a server that is using an SSL certificate that is signed by a CA that you have installed into /etc/pki/tls/certs/ca-bundle.crt, but do not pass the ca_path parameter to PulpConnection.__init__().

Actual results:
You should see an SSL trust failure raised from M2Crypto.

Expected results:
By default, we should work with root certificates installed at /etc/pki/tls/certs/ca-bundle.crt with no additional configuration.

+ This bug was cloned from Bugzilla Bug #1142376 +

Also available in: Atom PDF