« Previous | Next » 

Revision 6728a935

Added by balonik about 2 years ago

Avoid client certificate basenames shared between repos

Some older versions of the Yum client (such as those shipped with RedHat/CentOS 7) are compiled against nss which in turn considers certificates with the same basename as same certificates[1,2,3,4]. Pulp using repo directories to namespace client certificates (e.g /etc/pki/pulp/client/repo/foo/client.crt) leads to Yum refusing to use multiple protected repos simultaneously.

This patch works around the situation by generating cert file basenames with the repository name as a prefix.

Fixes: #3256

[1] [2] [3] [4]