Make use of tls_validation when syncing signatures
closes #1305

(cherry picked from commit 1626f17)
lubosmj committed Jan 30, 2024
1 parent b67d6e1 commit d5f0af0
Showing 3 changed files with 10 additions and 2 deletions.
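--- a/CHANGES/1305.bugfix
+++ b/CHANGES/1305.bugfix
@@ -0,0 +1 @@
+Disabled TLS validation, if opted out in a remote, when syncing signatures.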
7 changes: 7 additions & 0 deletions pulp_container/app/downloaders.py
@@ -1,6 +1,7 @@
import aiohttp
import asyncio
import json
import ssl
import re

from aiohttp.client_exceptions import ClientResponseError
@@ -200,6 +201,12 @@ def _make_aiohttp_session_from_remote(self):
"""
tcp_conn_opts = {"force_close": True}

if not self._remote.tls_validation:
sslcontext = ssl.create_default_context()
sslcontext.check_hostname = False
sslcontext.verify_mode = ssl.CERT_NONE
tcp_conn_opts["ssl_context"] = sslcontext

headers = MultiDict({"User-Agent": NoAuthDownloaderFactory.user_agent()})
if self._remote.headers is not None:
for header_dict in self._remote.headers:
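Review bot: The new `if not self._remote.tls_validation:` branch is the only TLS setting this session builder applies, so, as far as the hunk shows, a CA bundle configured on the remote (`ca_cert` in pulpcore) is still not loaded when validation stays on. A registry behind a private CA could then only sync signatures with verification switched off entirely; building the context with `ssl.create_default_context(cadata=self._remote.ca_cert)` when a CA is set would keep operators off the opt-out. The opt-out branch itself deserves a comment such as `# operator opted out of TLS validation for this remote: peer identity is not verified on this session`. `ssl_context` is also the deprecated spelling of aiohttp's connector option (`ssl=` is the current one), assuming `tcp_conn_opts` is passed to `aiohttp.TCPConnector` outside the hunk. The function starts and ends outside the hunk.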
4 changes: 2 additions & 2 deletions pulp_container/app/tasks/sync_stages.py
@@ -221,8 +221,8 @@ async def get_signature_source(self):
result = await extension_check_downloader.run()
response_headers = result.headers
except aiohttp.client_exceptions.ClientResponseError as exc:
if exc.status == 401:
response_headers = dict(exc.headers)
# ignore all HTTP errors, focus on the headers
response_headers = dict(exc.headers)
if response_headers.get(SIGNATURE_HEADER) == "1":
return SIGNATURE_SOURCE.API_EXTENSION

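Review bot: `dict(exc.headers)` in the `except` branch raises `TypeError` when the exception carries no headers, since `ClientResponseError.headers` is optional in aiohttp. Every HTTP error status now reaches this line rather than only 401, so `response_headers = dict(exc.headers or {})` keeps the fall-through to the header check safe. Headers from any error response, including one generated by an intermediary rather than the registry, now decide the signature source, which matters most for remotes that have TLS validation turned off. The comment could state that reasoning, e.g. `# any HTTP error still carries response headers; only the signature-extension header is inspected`. The function continues outside the hunk.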
