Bug 1326824

Summary: RFE: client: explicitly specify ssl root certificate
Product: [Internal] Red Hat Internal Copr Reporter: Pavel Raiskup <praiskup>
Component: clientAssignee: Copr Team <copr-team>
Status: ASSIGNED --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: msuchy, mvadkert
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Pavel Raiskup 2016-04-13 13:26:28 UTC 
Probably request for:

$ copr --ssl-no-verify
Comment 1 Pavel Raiskup 2016-04-13 13:37:25 UTC 
FTR:
Package python-requests automatically looks at certificate bundle from
ca-certificates package.  However, in case you have pip'installed
python requests, note that it does not use ca-certificates bundle - and you
can possibly use the REQUESTS_CA_BUNDLE environment variable.
Comment 2 Miroslav Vadkerti 2016-04-13 13:50:26 UTC 
I would be more interested in a copr configuration option with which I could pass the required certificate.
Comment 3 Pavel Raiskup 2016-07-13 09:47:33 UTC 
Also, the actual report in case of missing certificate is:

===
$ copr-cli --config ~/.config/rhcopr list
Something went wrong:
Error: Connection error GET https://copr.devel.redhat.com/api/coprs/praiskup/
===

There could be better error report saying that HTTPS is the issue, reported
by Jakub.
Comment 4 Pavel Raiskup 2016-12-14 21:17:23 UTC 
(In reply to Miroslav Vadkerti from comment #2)
> I would be more interested in a copr configuration option with which I could
> pass the required certificate.

Fixing the $Summary accordingly.  Config option makes sense, as a complement
command line option makes sense too.
Comment 5 Pavel Raiskup 2017-01-17 13:35:34 UTC 
Also idea to consider:  What about to add the CA into configuration file
in-line?  (inspired by openvpn <ca></ca>)