Fix the fallback logic for tls verification

If no PULP_CA_BUNDLE is provided, but validte_certs is set, we should pass True to requests session.verify. (cherry picked from commit 6a51241)
pulp · May 22, 2024 · 4488f8e · 4488f8e
1 parent 7611fc0
commit 4488f8e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGES/pulp-glue/+ca_defaults.bugfix b/CHANGES/pulp-glue/+ca_defaults.bugfix
@@ -0,0 +1 @@
+Fixed the logic to use requests defaults for tls verification.
diff --git a/pulp-glue/pulp_glue/common/openapi.py b/pulp-glue/pulp_glue/common/openapi.py
@@ -152,8 +152,8 @@ def __init__(
             self._session.headers.update(headers)
         self._session.max_redirects = 0
 
-        verify: t.Optional[t.Union[bool, str]] = (
-            os.environ.get("PULP_CA_BUNDLE") if validate_certs is not False else False
+        verify: t.Optional[t.Union[bool, str]] = validate_certs and os.environ.get(
+            "PULP_CA_BUNDLE", True
         )
         session_settings = self._session.merge_environment_settings(
             base_url, {}, None, verify, None
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fixed the logic to use requests defaults for tls verification.