From 387d09045fb37b71bc0f1980f16ca70bc071996c Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 14 Jan 2016 13:22:33 +0100 Subject: Don't use settings like HTTP proxy from env vars during installation The PKIConnection class uses python-requests for HTTPS. The library picks up several settings from environment variables, e.g. HTTP proxy server, certificate bundle with trust anchors and authentication. A proxy can interfere with the Dogtag installer and cause some operations to fail. With session.trust_env = False python-requests no longer inspects the environment and Dogtag has full controll over its connection settings. For backward compatibility reasons trust_env is only disabled during installation and removal of Dogtag. https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env https://fedorahosted.org/pki/ticket/1733 https://fedorahosted.org/freeipa/ticket/5555 --- base/common/python/pki/client.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'base/common/python') diff --git a/base/common/python/pki/client.py b/base/common/python/pki/client.py index 7617a0b63..230c23651 100644 --- a/base/common/python/pki/client.py +++ b/base/common/python/pki/client.py @@ -50,7 +50,8 @@ class PKIConnection: """ def __init__(self, protocol='http', hostname='localhost', port='8080', - subsystem='ca', accept='application/json'): + subsystem='ca', accept='application/json', + trust_env=None): """ Set the parameters for a python-requests based connection to a Dogtag subsystem. @@ -65,6 +66,9 @@ class PKIConnection: :param accept: value of accept header. Supported values are usually 'application/json' or 'application/xml' :type accept: str + :param trust_env: use environment variables for http proxy and other + requests settings (default: yes) + :type trust_env: bool, None :return: PKIConnection object. """ 
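Review bot: The new `trust_env=None` default in the first hunk changes behaviour for every existing caller, not only the installer. The third hunk assigns it unconditionally with `self.session.trust_env = trust_env`, and as far as I know requests tests that attribute for truthiness, so `None` behaves like `False`. This contradicts the docstring added in the second hunk ("default: yes") and the commit message, which says the environment is ignored only during installation and removal. Ordinary clients would then silently skip proxy variables, `REQUESTS_CA_BUNDLE`/`CURL_CA_BUNDLE` and `.netrc` credentials. I would guard the assignment with `if trust_env is not None: self.session.trust_env = trust_env` (or default the parameter to `True`); `__init__` continues outside these hunks.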
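Review bot: The `:param trust_env:` text in the second hunk says only "http proxy and other requests settings", which hides the security-relevant part of the switch. The commit message itself lists the certificate bundle with trust anchors and authentication among the settings read from the environment. A caller that passes `False` therefore has to configure its CA bundle and credentials explicitly on the session instead of relying on the environment. I would name these in the docstring, e.g. `:param trust_env: whether requests reads proxy, CA bundle (REQUESTS_CA_BUNDLE/CURL_CA_BUNDLE) and .netrc settings from the environment`. The docstring starts and ends outside the hunk.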
@@ -78,6 +82,7 @@ class PKIConnection: self.subsystem self.session = requests.Session() + self.session.trust_env = trust_env if accept: self.session.headers.update({'Accept': accept}) -- cgit