Hey James, in Katello, we do use GLOBAL CA CERT. Are we also affected with this bug? I understand it it only bites when using per-repo certs.
We only set cert_location in the repo_auth.conf. LZ On Thu, Feb 16, 2012 at 04:18:47PM -0500, James Slagle wrote: > I just fixed a bug which was sending down the wrong CA certificate to use to > verify the server during a yum operation on a pulp consumer. The fix has not > yet been included in a release, but if you're running from a git checkout, > this could affect your setup. > > The fix makes use of the ssl_ca_certificate configuration option in > /etc/pulp/pulp.conf. This option must be set to the full path of the CA > certificate that signed the server's httpd SSL certificate. If not set, it > will default to /etc/pki/pulp/ssl_ca.crt. The path must be readable by the > apache user. > > If you're using a self signed certificate, then provide the path to that > certificate, it serves as both the server certficiate and a CA certificate. > > If you have repo auth enabled in your pulp setup, be sure to make this > configuration change. > > Here's the bug with more detail: > https://bugzilla.redhat.com/show_bug.cgi?id=790157 > > -- > -- James Slagle > -- > > _______________________________________________ > katello-devel mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/katello-devel -- Later, Lukas Zapletal | E32E400A RHN Satellite Engineering Red Hat Czech s.r.o. Brno _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
