I use conan on an internal network with PKI rooted under a local private CA. For normal conan client use, this requires users to append to their ".conan/cacert.pem" file the local CA.

When used by the Jenkins artifactory plugin, it appears that there is no way to influence the temporary per-build conan configuration to include the local CA, so any attempts to access our Artifactory host are blocked (correctly) as having an improper host certificate.

A workaround for the CA issue is to create a system-wide or account-wide conan configuration, modify the "cacert.pem" file appropriately, and then use the following within a Jenkinsfile to force the use of a single ".conan" home folder. Unfortunately, this has implications on concurrent builds on a single host which I would like to avoid.

    // work-around Jenkins conan client not liking environment variable
    def realHome = "${env.CONAN_USER_HOME}".toString()
    withEnv(['CONAN_USER_HOME=']) {
        def conan = Artifactory.newConanClient(userHome: realHome)
        buildInfoDn = conan.run(
            command: "install conanfile.py -s build_type=${buildtype} -o import_symstore=True".toString()
        )
    }