Re: [Pulp-list] Pulp 2.6 vs 2.8 event notifier question

Wed, 03 Feb 2016 05:54:13 -0800 

Howdy, 

In the case where verification is occurring, how does a user who does not have 
access to the box Pulp is on, give Pulp the proper certificate so that Pulp can 
verify the URL being hit? 

Eric 

----- Original Message -----

> From: "Michael Hrivnak" <[email protected]>
> To: "Partha Aji" <[email protected]>
> Cc: "pulp-list" <[email protected]>
> Sent: Wednesday, February 3, 2016 7:09:05 AM
> Subject: Re: [Pulp-list] Pulp 2.6 vs 2.8 event notifier question

> Good point. In theory there shouldn't be any sensitive information in the
> POSTed data, but I can imagine some users wanting to maintain strict
> guarantees that no information leaks out through a man-in-the-middle attack.
> This notifier also has the option to provide username and password
> credentials when doing the POST, in which case a user definitely wouldn't
> want that to leak out.

> Would it be sufficient for you if we added an option to that notifier to skip
> cert verification, but make the default behavior to do the validation?

> Michael

> On Wed, Feb 3, 2016 at 1:39 AM, Partha Aji < [email protected] > wrote:

> > So katello uses pulp's http event notifiers to get information about
> > operations like "sync_complete". So Katello typically configures the event
> > notifiers to fire off to " https://localhost/katello/.... ." . In pulp 2.6
> > this used to work ok, but with pulp 2.8 we get issues like ""
> 
> > Feb 1 09:51:34 katello-yoda celery: raise SSLError(e, request=request)
> 
> > Feb 1 09:51:34 katello-yoda celery: SSLError: [SSL:
> > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
> 
> > ""
> 
> > when the notification fails. While we can try to add katello's cert to the
> > central ca-trust question arises on why pulp should require this.
> 

> > When an app has the authority to configure an event notification to any url
> > it chooses (be it http or https), why should pulp care for trusting the
> > certificate of the server its notifying ?.
> 

> > Partha
> 

> > _______________________________________________
> 
> > Pulp-list mailing list
> 
> > [email protected]
> 
> > https://www.redhat.com/mailman/listinfo/pulp-list
> 

> _______________________________________________
> Pulp-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pulp-list
_______________________________________________
Pulp-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pulp-list

Reply via email to