Project

Profile

Help

Actions
Send by e-mail Copy link

Story #789

closed

As a user, I can manage Nectar's trust through the system Certificate Authority store by default

Added by rbarlow about 9 years ago. Updated about 5 years ago.

Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Target Release - Nectar:
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Pulp 2
Sprint:
Quarter:

Description

Currently, python-requests ships with its own Certificate Authority store, at /usr/lib/python<version>/site-packages/requests/cacert.pem. This means that users cannot manage the certificate store that is used to verify remote Nectar connections using ordinary system management tools, as they might expect.

We should alter Nectar so that it configures python-requests to use the system certificate authority store by default.

Document this in release notes, including the small risk associated with changing the CA bundle.

Related issues

Related to Pulp - Issue #816: python-requests bundles libraries and CA certificates that should be separateCLOSED - CURRENTRELEASEjcline@redhat.comActions
Actions
Copy link
 #1

Updated by rbarlow about 9 years ago

  • Subject changed from As a user, Nectar uses the system Certificate Authority store by default to As a user, I can manage Nectar's trust through the system Certificate Authority store by default
Actions
Copy link
 #2

Updated by mhrivnak about 9 years ago

  • Description updated (diff)
  • Tags Groomed added
Actions
Copy link
 #3

Updated by mhrivnak about 9 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by bmbouter almost 9 years ago

  • Groomed set to Yes
  • Tags deleted (Groomed)
Actions
Copy link
 #5

Updated by bmbouter almost 9 years ago

  • Sprint Candidate set to Yes
  • Tags deleted (Sprint Candidate)
Actions
Copy link
 #6

Updated by jcline@redhat.com over 8 years ago

  • Related to Issue #816: python-requests bundles libraries and CA certificates that should be separate added

Added by Jeremy Cline over 8 years ago

Revision 880456df | View on GitHub

python-requests 2.6+ is now available on all platforms.

Originally, we carried python-requests because EL6 and EL7 had versions less than 2.2, which is required by Nectar. This is no longer the case, so we can stop building requests.

closes #816 closes #789

Added by Jeremy Cline over 8 years ago

Revision 880456df | View on GitHub

python-requests 2.6+ is now available on all platforms.

Originally, we carried python-requests because EL6 and EL7 had versions less than 2.2, which is required by Nectar. This is no longer the case, so we can stop building requests.

closes #816 closes #789

Actions
Copy link
 #7

Updated by Anonymous over 8 years ago

  • Status changed from NEW to MODIFIED
  • % Done changed from 0 to 100
Actions
Copy link
 #8

Updated by jcline@redhat.com over 8 years ago

  • Status changed from MODIFIED to CLOSED - NOTABUG

I'm closing this as NOTABUG because we are now using upstream python-requests (see related issue) which is packaged to use the system CA store. It would be nice to have a configuration option for Nectar, but it can also be accomplished by configuring python-requests.

Actions
Copy link
 #9

Updated by bmbouter about 5 years ago

  • Tags Pulp 2 added
Actions
Send by e-mail Copy link

Also available in: Atom PDF