#1733 pki.client.PKIConnection should ignore env vars such as http_proxy
Closed: Fixed None Opened 8 years ago by cheimes.

PKIConnection uses python-requests to handle HTTP connections to the server. requests inspects env vars such as http_proxy and https_proxy for HTTP proxy server location, REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE to override the trust store location as well as ~/.netrc for authentication. This can cause hard to debug issues such as installation failures. See https://fedorahosted.org/freeipa/ticket/5555 for background.

The feature can be disabled easily: https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env

I propose to have it disabled by default. It's a one line fix (two with comment, three if we want a flag in PKIConnection.init()).


Endi has suggested to keep proxy support enabled by default and only disabled it for installation and removal of PKI. I'll update the patch.

Per CS/DS meeting of 01/18/2016: 10.3 (patch already under review)

Pushed to master in 387d09045fb37b71bc0f1980f16ca70bc071996c

Metadata Update from @cheimes:
- Issue set to the milestone: 10.3.0

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2291

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata