PKIConnection uses python-requests to handle HTTP connections to the server. requests inspects env vars such as http_proxy and https_proxy for HTTP proxy server location, REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE to override the trust store location as well as ~/.netrc for authentication. This can cause hard to debug issues such as installation failures. See https://fedorahosted.org/freeipa/ticket/5555 for background.
The feature can be disabled easily: https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env
I propose to have it disabled by default. It's a one line fix (two with comment, three if we want a flag in PKIConnection.init()).
Endi has suggested to keep proxy support enabled by default and only disabled it for installation and removal of PKI. I'll update the patch.
Per CS/DS meeting of 01/18/2016: 10.3 (patch already under review)
Pushed to master in 387d09045fb37b71bc0f1980f16ca70bc071996c
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1303156
Metadata Update from @cheimes: - Issue set to the milestone: 10.3.0
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2291
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.