author | Christian Heimes <cheimes@redhat.com> | 2016-01-14 13:22:33 +0100 |
---|---|---|
committer | Christian Heimes <cheimes@redhat.com> | 2016-01-20 12:03:09 +0100 |
commit | 387d09045fb37b71bc0f1980f16ca70bc071996c (patch) | |
tree | b9ee1ff10bc91d5a2bee6948c33ceb813e8994a2 /base/server/python | |
parent | 5bf3a94a9c3374e34bf66fe5b1725ff9b49a1f3c (diff) | |
Don't use settings like HTTP proxy from env vars during installation
The PKIConnection class uses python-requests for HTTPS. The library
picks up several settings from environment variables, e.g. HTTP proxy
server, certificate bundle with trust anchors and authentication. A
proxy can interfere with the Dogtag installer and cause some operations
to fail.
With session.trust_env = False python-requests no longer inspects the
environment and Dogtag has full control over its connection settings.
For backward compatibility reasons trust_env is only disabled during
installation and removal of Dogtag.
https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env
https://fedorahosted.org/pki/ticket/1733
https://fedorahosted.org/freeipa/ticket/5555
Diffstat (limited to 'base/server/python')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 9 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 6 |
2 files changed, 10 insertions, 5 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index 43a404625..1db235826 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -1082,7 +1082,8 @@ class Instance:
 hostname=self.mdict['pki_hostname'],
 port=self.mdict['pki_https_port'],
 subsystem=self.mdict['pki_subsystem_type'],
- accept='application/xml')
+ accept='application/xml',
+ trust_env=False)
 # catching all exceptions because we do not want to break if underlying
 # requests or urllib3 use a different exception.
@@ -3025,7 +3026,8 @@ class KRAConnector:
 protocol='https',
 hostname=sechost,
 port=secport,
- subsystem='ca')
+ subsystem='ca',
+ trust_env=False)
 sd = pki.system.SecurityDomainClient(sd_connection)
 try:
 info = sd.get_security_domain_info()
@@ -3791,7 +3793,8 @@ class ConfigClient:
 protocol='https',
 hostname=self.mdict['pki_hostname'],
 port=self.mdict['pki_https_port'],
- subsystem=self.mdict['pki_subsystem_type'])
+ subsystem=self.mdict['pki_subsystem_type'],
+ trust_env=False)
 try:
 client = pki.system.SystemConfigClient(connection)
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 2b4479118..77a1cdf2d 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -478,7 +478,8 @@ class PKIConfigParser:
 protocol='https',
 hostname=self.mdict['pki_security_domain_hostname'],
 port=self.mdict['pki_security_domain_https_port'],
- subsystem='ca')
+ subsystem='ca',
+ trust_env=False)
 def sd_get_info(self):
 sd = pki.system.SecurityDomainClient(self.sd_connection)
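Review bot: None of the call sites that now pass `trust_env=False` says why, and the flag does more than drop the HTTP proxy; this applies to the Instance, KRAConnector and ConfigClient hunks in pkihelper.py and to both PKIConfigParser hunks in pkiparser.py. Per the commit message, python-requests also stops reading the certificate bundle and authentication settings from the environment. Certificate verification for these HTTPS connections therefore rests entirely on what `PKIConnection` configures, and its constructor is outside this diffstat, so neither that nor its handling of the new keyword can be confirmed from here. I would add a one-line comment at each site, e.g. `# installer must not inherit proxy, CA bundle or netrc settings from the environment`, and state in the `PKIConnection` docstring where the trust anchors come from when `trust_env` is off. The enclosing methods start and end outside every one of these hunks.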
@@ -545,7 +546,8 @@ class PKIConfigParser:
 protocol=parse.scheme,
 hostname=parse.hostname,
 port=str(parse.port),
- subsystem=system_type)
+ subsystem=system_type,
+ trust_env=False)
 client = pki.system.SystemStatusClient(conn)
 response = client.get_status()
 root = ET.fromstring(response) |
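Review bot: This is the fifth hand-written `trust_env=False` in the commit, and the commit message says the environment stays trusted outside installation and removal, so an installer call site that omits the keyword would presumably go back to honouring proxy and CA settings from the environment with no error. A single helper in the deployment package would make the isolated connection the default for installer code, e.g. `def installer_connection(**kwargs): return pki.client.PKIConnection(trust_env=False, **kwargs)`, with the five sites calling it instead. The method containing this hunk starts and ends outside it.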