Project

General

Profile

Actions

User story #11835

closed

Make curl invocation's ignore certificate configurable

Added by Janos Mattyasovszky about 7 years ago. Updated over 5 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
System techniques
Target version:
UX impact:
Suggestion strength:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Name check:
Fix check:
Regression:

Description

Currently the curl invocations (get policy server's UUID / upload inventory) include the -k option, which means "insecure".

inventory/1.0/fusionAgent.cf:      "download_command"   string => "${g.rudder_curl} -L -k -1 -s -f --proxy '' -o \"${sys.workdir}/rudder-server-uuid.txt\" ${g.inventory_upload_protocol}://${server_info.cfserved}/uuid";
inventory/1.0/fusionAgent.cf:      "download_command_prefix"   string => "${g.rudder_curl} -L -k -1 -f -s --proxy '' --user ${g.davuser}:${g.davpw} -T";

This is "acceptable" if you have deployed self-signed certs for rudder root/relay, but if you tend to have an established trust to a CA, this adds an unnecessary and unconfigurable security softening.


Related issues 2 (0 open2 closed)

Related to Rudder - User story #6363: Secure agent/server communicationReleased2011-03-28Actions
Is duplicate of Rudder - Architecture #15513: Make certificate verification in HTTP calls configurableReleasedNicolas CHARLESActions
Actions #1

Updated by Benoît PECCATTE about 7 years ago

  • Tracker changed from Bug to User story
Actions #2

Updated by Benoît PECCATTE almost 7 years ago

  • Target version set to Ideas (not version specific)
Actions #3

Updated by Alexis Mousset over 5 years ago

  • Target version changed from Ideas (not version specific) to 6.0.0~beta1
Actions #4

Updated by Alexis Mousset over 5 years ago

Actions #5

Updated by Alexis Mousset over 5 years ago

  • Status changed from New to Rejected

Closing as #15513 duplicate (implemented in 5.1)

Actions #6

Updated by Alexis Mousset over 5 years ago

  • Is duplicate of Architecture #15513: Make certificate verification in HTTP calls configurable added
Actions

Also available in: Atom PDF