diff options
| author | Christian Heimes <cheimes@redhat.com> | 2016-01-14 13:22:33 +0100 |
|---|---|---|
| committer | Christian Heimes <cheimes@redhat.com> | 2016-01-20 12:03:09 +0100 |
| commit | 387d09045fb37b71bc0f1980f16ca70bc071996c (patch) | |
| tree | b9ee1ff10bc91d5a2bee6948c33ceb813e8994a2 /base/common/python/pki | |
| parent | 5bf3a94a9c3374e34bf66fe5b1725ff9b49a1f3c (diff) | |
| download | pki-387d09045fb37b71bc0f1980f16ca70bc071996c.tar.gz pki-387d09045fb37b71bc0f1980f16ca70bc071996c.tar.xz pki-387d09045fb37b71bc0f1980f16ca70bc071996c.zip | |
Don't use settings like HTTP proxy from env vars during installation
The PKIConnection class uses python-requests for HTTPS. The library
picks up several settings from environment variables, e.g. HTTP proxy
server, certificate bundle with trust anchors and authentication. A
proxy can interfere with the Dogtag installer and cause some operations
to fail.
With session.trust_env = False python-requests no longer inspects the
environment and Dogtag has full controll over its connection settings.
For backward compatibility reasons trust_env is only disabled during
installation and removal of Dogtag.
https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env
https://fedorahosted.org/pki/ticket/1733
https://fedorahosted.org/freeipa/ticket/5555
Diffstat (limited to 'base/common/python/pki')
| -rw-r--r-- | base/common/python/pki/client.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/base/common/python/pki/client.py b/base/common/python/pki/client.py index 7617a0b63..230c23651 100644 --- a/base/common/python/pki/client.py +++ b/base/common/python/pki/client.py @@ -50,7 +50,8 @@ class PKIConnection: """ def __init__(self, protocol='http', hostname='localhost', port='8080', - subsystem='ca', accept='application/json'): + subsystem='ca', accept='application/json', + trust_env=None): """ Set the parameters for a python-requests based connection to a Dogtag subsystem. @@ -65,6 +66,9 @@ class PKIConnection: :param accept: value of accept header. Supported values are usually 'application/json' or 'application/xml' :type accept: str + :param trust_env: use environment variables for http proxy and other + requests settings (default: yes) + :type trust_env: bool, None :return: PKIConnection object. """ @@ -78,6 +82,7 @@ class PKIConnection: self.subsystem self.session = requests.Session() + self.session.trust_env = trust_env if accept: self.session.headers.update({'Accept': accept}) |