CA pinning for DNF (sslcacert is ignored)
Joonas Lehtonen
joonas.lehtonen at bitmessage.ch
Sat Aug 23 15:53:22 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> since it has been suggested that I should file bug [1] (CA pinning
> for mirrors.fedoraproject.org for yum) also against yum's
> successor dnf [2], I'm wondering if sslcacert is also understood by
> dnf?
>
> from the man page of dnf.conf: "DNF by default uses the global
> configuration file at /etc/dnf/dnf.conf and all *.repo files found
> under /etc/yum.repos.d."
>
> That tells me that dnf parses the same repo files as dnf, but
> there is no 'sslcacert' option in dnf.conf 's man page. So I'm
> wondering whether just the man page is not complete or dnf has no
> such option (yet)?
dnf ignores sslcacert option in repo files (implementation matches
documentation).
Anyone know how to do CA pinning when using dnf instead of yum?
or: Are we about to loose that feature? and we need a feature request
for dnf?
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJT+LjxAAoJEG58zmw5nc+vv2IQAKbYO33w5Wfu7g10rCZTq7zN
+2W/LPcwgu/kuyGGgn9a9YlVmt8GuC27o6wkh6UfiwwtltHMIvh0xwz5YNQfQfET
4snCEjQPm3/ILMjr62GZH5xq15GJwsr0SKUOEfsemmZ7P3YqVbJZ4HUcaeiVsOVo
rQZe1WAIjX1sm9MhwJy7/yX987v+eZTTFyYN5xvrcflOwNhRWXUIefXvc3a73d/b
/mJl2DZB7mbJgokiMjrV15TBvbPOXEWx77wgGipFpOk1Ku/L6qpr1WsZ9OxvgMtw
zezge681EHC6/UjWIqiAcjWVTBLRsE8pmsO8bFmkS/xZ92h+RUORCXZBysZXIdsc
mhoGzupNGkKoTkq+POOOmzu2WTZ8suLWtr8QSAzaa8jTmryhUHbtAUfKnrGVbLNB
c/KpQu7T5KibJ33lATqTpf40uxEQOf6TBGNQwpp4Gz5wV96etwUdqoa6RF1WZlEz
rXhQVIKX6I71m0XVfGuZg5U5ToNelJ7Oouh2ZmwNGXYO/D5zNdhTLzGE5Tvdzx/E
OnBn+RXBjKPZGmZXVJUln44POnvaUP7yfBiid6OtMdUSfg8dM2Q916YKGWRvCmp4
WjkqVzg4sB15ZTL+x2t/ei/WMOFJj7J68fCxVpWgXoUeJQ6bloPFYIUMLBwwNGbp
GprUEubqosOePxu9GT9x
=Zfx1
-----END PGP SIGNATURE-----
More information about the users
mailing list