authorChristian Heimes <cheimes@redhat.com>2016-01-14 13:22:33 +0100
committerChristian Heimes <cheimes@redhat.com>2016-01-20 12:03:09 +0100
commit387d09045fb37b71bc0f1980f16ca70bc071996c (patch)
treeb9ee1ff10bc91d5a2bee6948c33ceb813e8994a2 /base/server/python/pki/server/deployment/pkihelper.py
parent5bf3a94a9c3374e34bf66fe5b1725ff9b49a1f3c (diff)
Don't use settings like HTTP proxy from env vars during installation
The PKIConnection class uses python-requests for HTTPS. The library picks up several settings from environment variables, e.g. HTTP proxy server, certificate bundle with trust anchors and authentication. A proxy can interfere with the Dogtag installer and cause some operations to fail. With session.trust_env = False python-requests no longer inspects the environment and Dogtag has full control over its connection settings. For backward compatibility reasons trust_env is only disabled during installation and removal of Dogtag. https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env https://fedorahosted.org/pki/ticket/1733 https://fedorahosted.org/freeipa/ticket/5555
Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r--base/server/python/pki/server/deployment/pkihelper.py9
1 files changed, 6 insertions, 3 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 43a404625..1db235826 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -1082,7 +1082,8 @@ class Instance:
hostname=self.mdict['pki_hostname'],
port=self.mdict['pki_https_port'],
subsystem=self.mdict['pki_subsystem_type'],
- accept='application/xml')
+ accept='application/xml',
+ trust_env=False)
# catching all exceptions because we do not want to break if underlying
# requests or urllib3 use a different exception.
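Review bot: The new `trust_env=False` argument on the connection in `Instance` carries no comment saying why the environment is ignored, and the same bare argument is repeated in the `KRAConnector` and `ConfigClient` hunks. A one-line comment above each call would keep a later cleanup from dropping it, for example `# Installer must not pick up proxy, CA bundle or .netrc settings from the environment (ticket 1733)`. The constructor that receives `trust_env` is defined outside this file's diff, so its default and how it applies the flag to the session cannot be checked here. The call and its enclosing method both start outside the hunk.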
@@ -3025,7 +3026,8 @@ class KRAConnector:
protocol='https',
hostname=sechost,
port=secport,
- subsystem='ca')
+ subsystem='ca',
+ trust_env=False)
sd = pki.system.SecurityDomainClient(sd_connection)
try:
info = sd.get_security_domain_info()
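Review bot: With `trust_env=False` the security-domain connection to `sechost` also stops honouring `REQUESTS_CA_BUNDLE` and `CURL_CA_BUNDLE`, and nothing in this hunk sets the trust anchors explicitly. If a deployment relied on one of those variables to trust the security domain's CA, `sd.get_security_domain_info()` would presumably be verified against the library's default bundle instead and fail. It is worth confirming that the connection class configures `verify` (or an equivalent CA path) itself, so that certificate validation does not depend on the environment. The handler for the `try:` is outside the hunk, so whether a certificate error is reported distinctly from other failures cannot be seen here.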
@@ -3791,7 +3793,8 @@ class ConfigClient:
protocol='https',
hostname=self.mdict['pki_hostname'],
port=self.mdict['pki_https_port'],
- subsystem=self.mdict['pki_subsystem_type'])
+ subsystem=self.mdict['pki_subsystem_type'],
+ trust_env=False)
try:
client = pki.system.SystemConfigClient(connection)