tkopecek / koji

Forked from koji 7 years ago

19dabc0 client: use default CA store during client auth if serverca is unset

1 file. Authored by ktdreyer 4 years ago, committed by tkopecek 4 years ago.
    client: use default CA store during client auth if serverca is unset
    
    Prior to this change, if the following conditions were true:
    
    1) A Koji client uses SSL authentication,
    2) The user does not set the "serverca" option for their profile,
    3) The user does not have a "~/.koji/serverca.crt" file present,
    
    Then Koji did not use the default CA store to validate the hub's CA.
    read_defaults() was setting the "serverca" value to an empty string ""
    in these cases. This led to an AuthError in ssl_login() for the empty
    string:
    
      raise AuthError("Server CA %s doesn't exist or is not accessible" % serverca)
    
    Update ssl_login() to ignore empty strings in this case, treating them
    the same as None.
    
    The code in _sendOneCall() already checks this value in a similar way,
    with "if verify:", so we're matching that behavior here.
    
    With this change, Koji clients will fall back to using the default CA
    store.
    
        
file modified
+1 -1
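The empty-string case from the commit message, as an added example (not code from the koji repository): `check_serverca_before` reproduces the described failure and `resolve_verify` treats `""` the same as `None`. The function names, the stand-in `AuthError` class and the requests-style `verify` return value are assumptions made for illustration.

```python
import os
import tempfile


class AuthError(Exception):
    """Stand-in for the client's auth error (hypothetical class)."""


def check_serverca_before(serverca):
    # Behaviour the commit message describes before the fix: only None
    # counts as "unset", so "" reaches the path check and is rejected.
    if serverca is not None and not os.access(serverca, os.R_OK):
        raise AuthError("Server CA %s doesn't exist or is not accessible" % serverca)
    return serverca


def resolve_verify(serverca):
    """Map a serverca setting to a requests-style `verify` value (assumed)."""
    # After the fix: "" and None both mean "no CA configured".
    if not serverca:
        # True selects the default CA store. Returning the falsy input
        # unchanged could be read downstream as "verification off".
        return True
    # A configured path must still be readable; fail closed otherwise.
    if not os.access(serverca, os.R_OK):
        raise AuthError("Server CA %s doesn't exist or is not accessible" % serverca)
    return serverca


def outcome(func, value):
    """Return func(value), or the string 'AuthError' if it is raised."""
    try:
        return func(value)
    except AuthError:
        return "AuthError"


def demo():
    # Constructed inputs: unset, empty, a missing path, a readable file.
    with tempfile.NamedTemporaryFile(suffix=".crt") as ca:
        cases = [None, "", "/nonexistent/constructed-ca.crt", ca.name]
        return [(outcome(check_serverca_before, c), outcome(resolve_verify, c))
                for c in cases], ca.name


if __name__ == "__main__":
    for before, after in demo()[0]:
        print("before=%r after=%r" % (before, after))
```

A configured but unreadable path still raises in both versions, so only the unset cases fall back to the default CA store.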