Version
Please provide the versions of the pulpcore and pulp_python packages in use, and how they are installed. If you are using Pulp via Katello, please provide the Katello version.
"core": "3.47.0"
"python": "3.11.0"
We are using docker compose to installed Pulp components.
Describe the bug
A clear and concise description of what the bug is.
When a Python remote is created for PyPI, using a HTTP proxy, and when TLS Validation is set to False, we are getting a certificate validation error when trying to sync the python repository with the PyPI remote.
To Reproduce
Steps to reproduce the behavior:
Create a Python Remote pointing to PyPI, with HTTP proxy, and TLS Validation set to False:
[
{
“pulp_href”: “/pulp/api/v3/remotes/python/python/018e3f85-b903-783a-a05a-f86fdabce839/”,
“pulp_created”: “2024-03-15T00:31:52.068466Z”,
“name”: “Test-PyPI”,
"url": “https://pypi.org/”,
“ca_cert”: null,
“client_cert”: null,
"tls_validation": false,
"proxy_url": “http://10.1.1.9:8080/”,
“pulp_labels”: {},
“pulp_last_updated”: “2024-03-18T15:58:31.957989Z”,
“download_concurrency”: null,
“max_retries”: null,
“policy”: “on_demand”,
“total_timeout”: null,
“connect_timeout”: null,
“sock_connect_timeout”: null,
“sock_read_timeout”: null,
“headers”: null,
“rate_limit”: null,
“hidden_fields”: [
{
“name”: “client_key”,
“is_set”: false
},
{
“name”: “proxy_username”,
“is_set”: false
},
{
“name”: “proxy_password”,
“is_set”: false
},
{
“name”: “username”,
“is_set”: false
},
{
“name”: “password”,
“is_set”: false
}
],
“includes”: [
“shelf-reader”
],
“excludes”: [],
“prereleases”: true,
“package_types”: [],
“keep_latest_packages”: 0,
“exclude_platforms”: []
}
]
Create a Python Repository:
[
{
"pulp_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/",
"pulp_created": "2024-03-15T00:31:53.823938Z",
"versions_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/versions/",
"pulp_labels": {},
"latest_version_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/versions/0/",
"name": "Test-PyPI",
"description": "",
"retain_repo_versions": null,
"remote": null,
"autopublish": false
}
]
Sync the repository with the remote:
pulp python repository sync --name Test-PyPI --remote Test-PyPI
The logs would generate the following error:
pulp-pulp_worker-1 | 2024-03-18T21:47:12.763642774Z aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host pypi.org:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]
Expected behavior
A clear and concise description of what you expected to happen.
TLS validation not to be performed on the remote when a sync is performed on the python repository and remote.
Additional context
Add any other context about the problem here. Please provide links to any previous discussions via Discourse or Bugzilla.
Version
Please provide the versions of the pulpcore and pulp_python packages in use, and how they are installed. If you are using Pulp via Katello, please provide the Katello version.
"core": "3.47.0"
"python": "3.11.0"
We are using docker compose to installed Pulp components.
Describe the bug
A clear and concise description of what the bug is.
When a Python remote is created for PyPI, using a HTTP proxy, and when TLS Validation is set to False, we are getting a certificate validation error when trying to sync the python repository with the PyPI remote.
To Reproduce
Steps to reproduce the behavior:
Create a Python Remote pointing to PyPI, with HTTP proxy, and TLS Validation set to False:
[
{
“pulp_href”: “/pulp/api/v3/remotes/python/python/018e3f85-b903-783a-a05a-f86fdabce839/”,
“pulp_created”: “2024-03-15T00:31:52.068466Z”,
“name”: “Test-PyPI”,
"url": “https://pypi.org/”,
“ca_cert”: null,
“client_cert”: null,
"tls_validation": false,
"proxy_url": “http://10.1.1.9:8080/”,
“pulp_labels”: {},
“pulp_last_updated”: “2024-03-18T15:58:31.957989Z”,
“download_concurrency”: null,
“max_retries”: null,
“policy”: “on_demand”,
“total_timeout”: null,
“connect_timeout”: null,
“sock_connect_timeout”: null,
“sock_read_timeout”: null,
“headers”: null,
“rate_limit”: null,
“hidden_fields”: [
{
“name”: “client_key”,
“is_set”: false
},
{
“name”: “proxy_username”,
“is_set”: false
},
{
“name”: “proxy_password”,
“is_set”: false
},
{
“name”: “username”,
“is_set”: false
},
{
“name”: “password”,
“is_set”: false
}
],
“includes”: [
“shelf-reader”
],
“excludes”: [],
“prereleases”: true,
“package_types”: [],
“keep_latest_packages”: 0,
“exclude_platforms”: []
}
]
Create a Python Repository:
[
{
"pulp_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/",
"pulp_created": "2024-03-15T00:31:53.823938Z",
"versions_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/versions/",
"pulp_labels": {},
"latest_version_href": "/pulp/api/v3/repositories/python/python/018e3f85-bfde-7228-b620-68f8f49897aa/versions/0/",
"name": "Test-PyPI",
"description": "",
"retain_repo_versions": null,
"remote": null,
"autopublish": false
}
]
Sync the repository with the remote:
pulp python repository sync --name Test-PyPI --remote Test-PyPI
The logs would generate the following error:
pulp-pulp_worker-1 | 2024-03-18T21:47:12.763642774Z aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host pypi.org:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')]
Expected behavior
A clear and concise description of what you expected to happen.
TLS validation not to be performed on the remote when a sync is performed on the python repository and remote.
Additional context
Add any other context about the problem here. Please provide links to any previous discussions via Discourse or Bugzilla.