[Yum] Support validiting ssl server cert for https accessible yum repositories?
jbowes at redhat.com
Mon Nov 20 20:19:24 UTC 2006
Michael Stenner wrote:
> On Mon, Nov 20, 2006 at 06:35:59PM +0000, Ben Grommes wrote:
>> As far as I can tell there is no support in yum for validating the server cert
>> used by an https accessible yum repository. Can someone confirm that this is
>> indeed the case?
>> Specifically, I was looking for the ability to specify a trusted ca cert to
>> check the issuer of the ssl server cert against as part of establishing the
>> https connection.
> James Bowes recently added M2Crypto support to urlgrabber. It's in
> the most recent version, 3.1.0. However, it requires that M2Crypto be
> available. Also, support doesn't currently exist at the yum level,
> but I'm betting if you ask nicely, that could be made to happen.
> It's possible that patches and/or plugins already exist to do it, but
> I don't know about that.
I posted a patch to yum-devel  that adds the rest of the bits to let
yum do cert checking with urlgrabber. It just adds an sslcacert option
for the repo config, which is the location of the cert on disk.
More information about the Yum