Project

Profile

Help

Task #6224

Updated by daviddavis 2 months ago

In Automation Hub, we're syncing against a remote server using a ca cert. The remote server redirects to an S3 location which throws a SSLCertVerificationError. It appears that when setting a remote ca_cert[0], the system ca is ignored.

Talking with bmbouter, we think this is the correct behavior but it should be documented that setting a ca_cert on remote will cause the system ca cert to be ignored.

Also, we should also add a note such as "When syncing from a Pulp that has S3 set up (or any Remote or one that redirects to a different domain with a different cert), involves redirects, the CA chain will need to include all necessary certs."

[0] https://github.com/pulp/pulpcore/blob/bcbe95319d66772070a44ca5bd0987e712b93099/pulpcore/download/factory.py#L84-L85

Back