Actions
Story #789
closedAs a user, I can manage Nectar's trust through the system Certificate Authority store by default
Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Target Release - Nectar:
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Pulp 2
Sprint:
Quarter:
Description
Currently, python-requests ships with its own Certificate Authority store, at /usr/lib/python<version>/site-packages/requests/cacert.pem. This means that users cannot manage the certificate store that is used to verify remote Nectar connections using ordinary system management tools, as they might expect.
We should alter Nectar so that it configures python-requests to use the system certificate authority store by default.
Document this in release notes, including the small risk associated with changing the CA bundle.
Related issues
Actions
python-requests 2.6+ is now available on all platforms.
Originally, we carried python-requests because EL6 and EL7 had versions less than 2.2, which is required by Nectar. This is no longer the case, so we can stop building requests.
closes #816 closes #789