-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/17/2015 08:07 AM, Vladimir Stackov wrote: > Is there any way to force pulp to use > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt ? > > I mean when I do # update-ca-trust enable; update-ca-trust extract > pulp still using > /usr/lib/python2.7/site-packages/requests/cacert.pem instead of > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt > > I'm using pulp 2.5.1 on CentOS 7 from fedorapeople repos [1].
One more note: Two of us thought about this a lot, and we believe that our importers are the only component of Pulp that use Nectar, and that Nectar is the only part of Pulp that uses python-requests. This is important, because most (all?) of our importers do provide a way to specify a single CA certificate that should be used to verify the identity of the remote server during a sync. Perhaps that can help you? For example, in pulp-admin for Yum repositories, you can use the --feed-ca-cert flag to set the certificate authority that should be trusted for the sync. - -- Randy Barlow -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVCK3UAAoJEIyFaKUJtmpiXzcP/AuvYdtH+7gpF4i9D/U214H7 Qr8RtzzcaSJDdVhpffycTvk7POpWDYNQ7h4XFcH5JG4wRF1ZCT/Libift11GkU1Y USBHvFTBGxTWU3LHfhEDvyA6kkHDi9vZQWya5eBrDGtyDd6KDE5sOWQYcV6Kgf3k Eoc0RSbluyxvaGfqjHL7OYaaBez4uFFP7B9NBZVKuwVnV/1VyZ8KbOGL8MfINoFk SrBwRhVSPtxKxyxST2sHGZdlcNN2r+dbAKgdRW9SXJHdZcCE5gJO0EffHZeKLecc xuktStjaZ3071bPuDi+B2LCl1FHgmoJ7+Rr9gUg7+fH6I/bgyPY/58vQOsBKaAwZ k74bCsx0EFCEKaKON8IQDKydWDdOYOqaLxhQaINS9La7IVbzl+Qj9gDk4GiTo3/T DgrdBy66cRYwBhnTm+jdspj+kWrpH2+BEBepXqFXaNF0t0ieapuuOptwCjc99M6i 73UTHD5uZJ3YrOeLNn88dRk5UuhS0RDziklugdljNeJivMPxxI6W/K3m4C7I7jxF YTxvR8C3ty3ELTnZuFuGWoXb6Zb8wVz2MrEV1/8MHMSPwyrc6R1mz69cWP5Qlj5H oBwDpITmY3D0q35EYGaSkDEWNrAMxGhWrS/iZVtnn/WC3U6s3slm/aW1jW/149oU lkxkAFmRh0tLjlc9wgZJ =Zc5b -----END PGP SIGNATURE----- _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
