Red Hat Bugzilla – Bug 1303156
pki.client.PKIConnection should ignore env vars such as http_proxy
Last modified: 2016-11-04 01:22:45 EDT
PKIConnection uses python-requests to handle HTTP connections to the server. requests inspects env vars such as http_proxy and https_proxy for HTTP proxy server location, REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE to override the trust store location as well as ~/.netrc for authentication. This can cause hard to debug issues such as installation failures. See https://fedorahosted.org/freeipa/ticket/5555 for background.
The feature can be disabled easily: https://requests.readthedocs.org/en/latest/api/?highlight=trust_env#requests.Session.trust_env
I propose to have it disabled by default. It's a one line fix (two with comment, three if we want a flag in PKIConnection.__init__()).
This issue has been fixed in PKI TRAC Ticket #1733.
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see firstname.lastname@example.org with any questions
Tested it by setting HTTP_PROXY / HTTPS_PROXY variable before running pkispawn.
pkispawn succeeds with no errors. Hence marking it as verified.
Tested with the following build:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.