[Pulp-list] Force pulp to use system CA

[Randy Barlow]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/17/2015 08:07 AM, Vladimir Stackov wrote:
> Is there any way to force pulp to use 
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt ?
> 
> I mean when I do # update-ca-trust enable; update-ca-trust extract 
> pulp still using
> /usr/lib/python2.7/site-packages/requests/cacert.pem instead of
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

Hi Vladimir!

I too dislike this behavior. Unfortunately, there is not currently a
supported way to change the behavior in Pulp. I filed this issue to
track it:

https://pulp.plan.io/issues/789

I haven't tried this, but I wonder if it would work if you replaced
that cacert.pem with a symlink to the system store. Of course, it's
never a nice thing to change files that RPM is managing, so perhaps
that isn't a great solution.

- -- 
Randy Barlow
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVCKJmAAoJEIyFaKUJtmpixqIP/1PczGTLYQyklDOYGyhuBpi8
zYPq3yBxqi5EyMKLd6y1pb8ny78QtdycKk18DUlXNBYXpEFEc8TTZw/QES4CKt9o
p0RcFNcAO6o8qtjtRS6iKMMMzoCGwmSg3pBpFF/FgsLGZaMb1O+lLLv6A0lTY/Rt
jswoJPk0YojEHMeURZL/GNQrWJ7LdDjonK/AcgbLbPxuRowTOq2LPGg7ukXWeLFj
p+qb3+wsqUScG8TxpGbFYxmNO0ypLb9K8ntd+a7oI/K7KHo917iafaBX+QgvokIR
ZRrr4wdTItd3n9qffiXR9OY5PGkjq2PZup/hafzgJG42i7rA5TMkdOf/dtLDbuoU
16wPN4bmBftLLLCZ2N964T2jwnnLbEaHNA6co8V5IVYCp7eldVO2+BZlWWtM2Fsc
COZnC4QYjJM9Ea+DB/aD+9T2t7nJJUs3jNdnZwIBGl6v83ne41ARc9wGcFpWGwvR
jrrm0v00KV7NlpdoQsPv0Y14AU9NtE5ZVYcG7B196VYQ4J+Nj6FBlOkmIAXNyFdc
p8skyS8NUwRmROdKgF9qfFbN1+Jkkl8VXRYq9A1sSncqPoZomyNUG4zNHLyyv5b6
xoRh5qwpzPHYhJ5j5Zjep7FaKzSkuF/T9Egyi7O8BVGHCVu/AGL1tZVHv8r2r2GP
Y4qfEv1HpCKPNo5UaKY1
=/Jdj
-----END PGP SIGNATURE-----