[Yum] Support validiting ssl server cert for https accessible yum repositories?

James Bowes jbowes at redhat.com
Mon Nov 20 20:19:24 UTC 2006


Michael Stenner wrote:
> On Mon, Nov 20, 2006 at 06:35:59PM +0000, Ben Grommes wrote:
>> As far as I can tell there is no support in yum for validating the server cert
>> used by an https accessible yum repository.  Can someone confirm that this is
>> indeed the case?  
>>
>> Specifically, I was looking for the ability to specify a trusted ca cert to
>> check the issuer of the ssl server cert against as part of establishing the
>> https connection.
> 
> James Bowes recently added M2Crypto support to urlgrabber.  It's in
> the most recent version, 3.1.0.  However, it requires that M2Crypto be
> available.  Also, support doesn't currently exist at the yum level,
> but I'm betting if you ask nicely, that could be made to happen.
> 
> It's possible that patches and/or plugins already exist to do it, but
> I don't know about that.
> 					-Michael

I posted a patch to yum-devel [1] that adds the rest of the bits to let 
yum do cert checking with urlgrabber. It just adds an sslcacert option 
for the repo config, which is the location of the cert on disk.

-James

[1] 
https://lists.dulug.duke.edu/pipermail/yum-devel/2006-September/002617.html



More information about the Yum mailing list