Can you please verify that this change solves your problem: https://github.com/pulp/pulp-cli/pull/434
Thank you! On Fri, Nov 26, 2021 at 6:09 PM Konstantin M. Khankin <[email protected]> wrote: > > Hello! > > Today I got unpleasantly surprised about the inability to change the list of > CA certificates pulp-cli uses to verify SSL connections. Pulp-cli uses the > requests library, so I expected to be able to just specify REQUESTS_CA_BUNDLE > envvar and be happy. However, this did not work. So I added some print_tb() > here and there and saw this: > > ... > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/python/content.py", line > 88, in upload > artifact_href = PulpArtifactContext(pulp_ctx).upload(file, chunk_size) > File "/usr/local/lib/python3.6/site-packages/pulpcore/cli/core/context.py", > line 43, in upload > result = self.list(limit=1, offset=0, parameters={"sha256": > sha256_digest}) > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/common/context.py", line > 436, in list > result: Dict[str, Any] = self.pulp_ctx.call(self.LIST_ID, > parameters=payload) > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/common/context.py", line > 134, in call > result = self.api.call(operation_id, *args, **kwargs) > File > "/usr/local/lib/python3.6/site-packages/pulpcore/cli/common/openapi.py", line > 263, in call > response: requests.Response = self._session.send(request) > File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line > 657, in send > r = adapter.send(request, **kwargs) > File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line > 420, in send > self.cert_verify(conn, request.url, verify, cert) > ... > > pulpcore/cli/common/openapi.py calls requests.Session.send(). This works, but > it means merge_environment_settings is not called, because it is in request() > (which later calls send()). This means envvar is not applied. > > I tried to abuse Python's dynamic typing and change the value of the > verify_ssl flag to what I'd put into the envvar, but click is smart enough to > catch this :( > > I found the FR to support custom CA certificates. It may be that this FR is > as easy as changing send() to request(), allowing users to use an already > existing mechanism from the requests library. > > Is there something which I missed? > > Thanks! > > -- > Konstantin Khankin > _______________________________________________ > Pulp-list mailing list > [email protected] > https://listman.redhat.com/mailman/listinfo/pulp-list _______________________________________________ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
