[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [OSSTEST PATCH v14 05/24] ts-openstack-deploy: set CURL_CA_BUNDLE
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> This overrides pip's attempt to specify a specific certificate bundle, and is necessary if we have a MITM SSL proxy. The security implications are not ideal, because the MITM proxy will allow any X.509 cert from any CA, whereas pip would only allow an expected cert. But we got pip via plain https to start with... CC: Anthony PERARD <anthony.perard@xxxxxxxxxx> Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> --- ts-openstack-deploy | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ts-openstack-deploy b/ts-openstack-deploy index d2971f5..6d7de1c 100755 --- a/ts-openstack-deploy +++ b/ts-openstack-deploy @@ -137,7 +137,10 @@ END sub deploy() { my $httpproxy = http_proxy_envsettings($ho); - + my $mitmcert = target_https_mitm_proxy_cert_path($ho); + $httpproxy .= + "\n CURL_CA_BUNDLE=$mitmcert; export CURL_CA_BUNDLE" + if $mitmcert; target_cmd($ho, <<END, 1800); set -e $httpproxy -- Anthony PERARD _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |