pulp_python does not disable tls_validation when it is set to false on the remote #653
Labels
Comments
pulp-user333
changed the title
gerrod3
added a commit
to gerrod3/pulp_python
that referenced
this issue
Apr 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version
Please provide the versions of the pulpcore and pulp_python packages in use, and how they are installed. If you are using Pulp via Katello, please provide the Katello version.
"core": "3.47.0"
"python": "3.11.0"
We are using docker compose to installed Pulp components.
Describe the bug
A clear and concise description of what the bug is.
When a Python remote is created for PyPI, using a HTTP proxy, and when TLS Validation is set to False, we are getting a certificate validation error when trying to sync the python repository with the PyPI remote.
To Reproduce
Steps to reproduce the behavior:
Create a Python Remote pointing to PyPI, with HTTP proxy, and TLS Validation set to False:
[
{
“pulp_href”: “/pulp/api/v3/remotes/python/python/018e3f85-b903-783a-a05a-f86fdabce839/”,
“pulp_created”: “2024-03-15T00:31:52.068466Z”,
“name”: “Test-PyPI”,
"url": “https://pypi.org/”,
“ca_cert”: null,
“client_cert”: null,
"tls_validation": false,
"proxy_url": “http://10.1.1.9:8080/”,
“pulp_labels”: {},
“pulp_last_updated”: “2024-03-18T15:58:31.957989Z”,
“download_concurrency”: null,
“max_retries”: null,
“policy”: “on_demand”,
“total_timeout”: null,
“connect_timeout”: null,
“sock_connect_timeout”: null,
“sock_read_timeout”: null,
“headers”: null,
“rate_limit”: null,
“hidden_fields”: [
{
“name”: “client_key”,
“is_set”: false
},
{
“name”: “proxy_username”,
“is_set”: false
},
{
“name”: “proxy_password”,
“is_set”: false
},
{
“name”: “username”,
“is_set”: false
},
{
“name”: “password”,
“is_set”: false
}
],
“includes”: [
“shelf-reader”
],
“excludes”: [],
“prereleases”: true,
“package_types”: [],
“keep_latest_packages”: 0,
“exclude_platforms”: []
}
]
Create a Python Repository:
[
{
"pulp_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/",
"pulp_created": "2024-03-15T00:31:53.823938Z",
"versions_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/versions/",
"pulp_labels": {},
"latest_version_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/versions/0/",
"name": "Test-PyPI",
"description": "",
"retain_repo_versions": null,
"remote": null,
"autopublish": false
}
]
Sync the repository with the remote:
pulp python repository sync --name Test-PyPI --remote Test-PyPI
The logs would generate the following error:
pulp-pulp_worker-1 | 2024-03-18T21:47:12.763642774Z aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host pypi.org:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]
Expected behavior
A clear and concise description of what you expected to happen.
TLS validation not to be performed on the remote when a sync is performed on the python repository and remote.
Additional context
Add any other context about the problem here. Please provide links to any previous discussions via Discourse or Bugzilla.
The text was updated successfully, but these errors were encountered: