Description of problem: pulp.bindings.server.DEFAULT_CA_PATH is set to '/etc/pki/tls/certs/' when it should be set to '/etc/pki/tls/certs/ca-bundle.crt'. This means that the bindings will not work with real root certificates unless the user explicitly sets the PulpConnection's ca_path __init__ parameter explicitly. Version-Release number of selected component (if applicable): 2.4.0-1 How reproducible: Every time Steps to Reproduce: 1. Use the Pulp bindings to make a connection to a server that is using an SSL certificate that is signed by a CA that you have installed into /etc/pki/tls/certs/ca-bundle.crt, but do not pass the ca_path parameter to PulpConnection.__init__(). Actual results: You should see an SSL trust failure raised from M2Crypto. Expected results: By default, we should work with root certificates installed at /etc/pki/tls/certs/ca-bundle.crt with no additional configuration.
https://github.com/pulp/pulp/pull/1167
merged to 2.5-dev and master
fixed in pulp 2.6.0-0.2.beta
verified Default in server.conf is [database] # verify_ssl: true # ca_path: /etc/pki/tls/certs/ca-bundle.crt
Moved to https://pulp.plan.io/issues/531