Bug 1303156 - pki.client.PKIConnection should ignore env vars such as http_proxy
pki.client.PKIConnection should ignore env vars such as http_proxy
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: 7.3
Assigned To: Christian Heimes
Asha Akkiangady
Depends On:
  Show dependency treegraph
Reported: 2016-01-29 12:33 EST by Matthew Harmsen
Modified: 2016-11-04 01:22 EDT (History)
2 users (show)

See Also:
Fixed In Version: pki-core-10.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-11-04 01:22:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matthew Harmsen 2016-01-29 12:33:13 EST
PKIConnection uses python-requests to handle HTTP connections to the server. requests inspects env vars such as http_proxy and https_proxy for HTTP proxy server location, REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE to override the trust store location as well as ~/.netrc for authentication. This can cause hard to debug issues such as installation failures. See https://fedorahosted.org/freeipa/ticket/5555 for background.

The feature can be disabled easily: https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env

I propose to have it disabled by default. It's a one line fix (two with comment, three if we want a flag in PKIConnection.__init__()).
Comment 1 Matthew Harmsen 2016-01-29 12:34:21 EST
This issue has been fixed in PKI TRAC Ticket #1733.
Comment 2 Mike McCune 2016-03-28 18:25:24 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 4 Sumedh Sidhaye 2016-08-10 06:46:21 EDT
Tested it by setting HTTP_PROXY / HTTPS_PROXY variable before running pkispawn.

pkispawn succeeds with no errors. Hence marking it as verified.

Tested with the following build:

pki-base.noarch          10.3.3-5.el7                                     
pki-base-java.noarch     10.3.3-5.el7                                     
pki-ca.noarch            10.3.3-5.el7                                     
pki-console.noarch       10.3.3-1.el7pki                                  
pki-javadoc.noarch       10.3.3-5.el7                                     
pki-kra.noarch           10.3.3-5.el7                                     
pki-ocsp.noarch          10.3.3-5.el7pki                                  
pki-server.noarch        10.3.3-5.el7                                     
pki-symkey.x86_64        10.3.3-5.el7                                     
pki-tks.noarch           10.3.3-5.el7pki                                  
pki-tools.x86_64         10.3.3-5.el7                                     
pki-tps.x86_64           10.3.3-5.el7pki
Comment 6 errata-xmlrpc 2016-11-04 01:22:45 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.