[Pulp-list] verify_ssl

Randy Barlow rbarlow at redhat.com
Wed Aug 27 14:34:28 UTC 2014


On 08/27/2014 10:07 AM, Sean Waite wrote:
> If you read the release notes
> (http://pulp-user-guide.readthedocs.org/en/latest/release-notes/2.4.x.html),
> you'll see that with the self-signed certs, you'll need to set
> verify_ssl to False in the admin.conf and others.

I'd like to add that verify_ssl should only be set to False when you are
confident that it will not be a security risk for you. When verify_ssl
is set to False, you lose a lot of the benefit of SSL and become
vulnerable to MITM attacks and other creative vectors. If you aren't
sure, make sure to keep it set to True and use real signed certificates
with your Apache server that is running Pulp.

Koen, the specific issue you are running into is that 2.4.0 introduced
some new settings for that and other files, and those settings must be
present. admin.conf doesn't have an .rpmnew file (this is also mentioned
in the release notes), but please check all .rpmnew files under
/etc/pulp, and make sure you have included any other new settings that
have been introduced in this release.

Our resident jortel has introduced a change for a future Pulp release
that will fix our configuration system so that new settings will have
sane defaults when they are not specified in config files so that we can
avoid this trouble in future releases.
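
Added example (not part of the original message and not Pulp's own code): a small Python audit of the two checks described above, listing settings that a packaged `.rpmnew` file defines but the live file lacks, and flagging any config section where `verify_ssl` is disabled. The sample files and every section or key name other than `verify_ssl` are constructed for illustration; the default directory `/etc/pulp` is the one named in the message.

```python
import configparser
import sys
from pathlib import Path

FALSY = {"false", "no", "off", "0"}

# Constructed sample files; section and key names other than verify_ssl are
# illustrative and do not reflect Pulp's actual config layout.
SAMPLE_LIVE = "[server]\nhost: pulp.example.com\nverify_ssl: False\n"
SAMPLE_RPMNEW = ("[server]\nhost: localhost\nverify_ssl: True\n"
                 "new_key: value\n[extra]\nflag: 1\n")

def _parse(text):
    # interpolation=None so '%' in values is taken literally
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def missing_settings(live_text, rpmnew_text):
    """(section, key) pairs the packaged .rpmnew defines but the live file lacks."""
    live, new = _parse(live_text), _parse(rpmnew_text)
    return sorted((s, k) for s in new.sections() for k in new[s]
                  if not live.has_option(s, k))

def verify_ssl_disabled(conf_text):
    """Sections in which verify_ssl is explicitly set to a false value."""
    cp = _parse(conf_text)
    return sorted(s for s in cp.sections()
                  if cp.get(s, "verify_ssl", fallback="true").strip().lower() in FALSY)

def main(root):
    findings = 0
    for path in sorted(Path(root).rglob("*")):
        if path.suffix == ".rpmnew" and path.with_suffix("").is_file():
            live = path.with_suffix("")  # foo.conf.rpmnew -> foo.conf
            for s, k in missing_settings(live.read_text(), path.read_text()):
                print(f"{live}: [{s}] {k} missing (defined in {path.name})")
                findings += 1
        elif path.suffix == ".conf" and path.is_file():
            for s in verify_ssl_disabled(path.read_text()):
                print(f"{path}: [{s}] verify_ssl is disabled")
                findings += 1
    return findings  # number of items to review

if __name__ == "__main__":
    sys.exit(1 if main(sys.argv[1] if len(sys.argv) > 1 else "/etc/pulp") else 0)
```

Settings that are commented out in either file are not seen by the parser, so a commented default in the `.rpmnew` is not reported as missing.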
