Story #789
closedAs a user, I can manage Nectar's trust through the system Certificate Authority store by default
100%
Description
Currently, python-requests ships with its own Certificate Authority store, at /usr/lib/python<version>/site-packages/requests/cacert.pem. This means that users cannot manage the certificate store that is used to verify remote Nectar connections using ordinary system management tools, as they might expect.
We should alter Nectar so that it configures python-requests to use the system certificate authority store by default.
Document this in release notes, including the small risk associated with changing the CA bundle.
Related issues
Updated by rbarlow about 9 years ago
- Subject changed from As a user, Nectar uses the system Certificate Authority store by default to As a user, I can manage Nectar's trust through the system Certificate Authority store by default
Updated by mhrivnak about 9 years ago
- Description updated (diff)
- Tags Groomed added
Updated by bmbouter almost 9 years ago
- Groomed set to Yes
- Tags deleted (
Groomed)
Updated by bmbouter almost 9 years ago
- Sprint Candidate set to Yes
- Tags deleted (
Sprint Candidate)
Updated by jcline@redhat.com over 8 years ago
- Related to Issue #816: python-requests bundles libraries and CA certificates that should be separate added
Added by Jeremy Cline over 8 years ago
Added by Jeremy Cline over 8 years ago
Updated by Anonymous over 8 years ago
- Status changed from NEW to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulp:pulp|880456dfab312f4175f28423259867fb048fe5ef.
Updated by jcline@redhat.com over 8 years ago
- Status changed from MODIFIED to CLOSED - NOTABUG
I'm closing this as NOTABUG because we are now using upstream python-requests (see related issue) which is packaged to use the system CA store. It would be nice to have a configuration option for Nectar, but it can also be accomplished by configuring python-requests.
python-requests 2.6+ is now available on all platforms.
Originally, we carried python-requests because EL6 and EL7 had versions less than 2.2, which is required by Nectar. This is no longer the case, so we can stop building requests.
closes #816 closes #789