Actions
User story #11835
closedMake curl invocation's ignore certificate configurable
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Name check:
Fix check:
Regression:
Description
Currently the curl invocations (get policy server's UUID / upload inventory) include the -k
option, which means "insecure".
inventory/1.0/fusionAgent.cf: "download_command" string => "${g.rudder_curl} -L -k -1 -s -f --proxy '' -o \"${sys.workdir}/rudder-server-uuid.txt\" ${g.inventory_upload_protocol}://${server_info.cfserved}/uuid"; inventory/1.0/fusionAgent.cf: "download_command_prefix" string => "${g.rudder_curl} -L -k -1 -f -s --proxy '' --user ${g.davuser}:${g.davpw} -T";
This is "acceptable" if you have deployed self-signed certs for rudder root/relay, but if you tend to have an established trust to a CA, this adds an unnecessary and unconfigurable security softening.
Updated by Benoît PECCATTE about 7 years ago
- Tracker changed from Bug to User story
Updated by Benoît PECCATTE almost 7 years ago
- Target version set to Ideas (not version specific)
Updated by Alexis Mousset over 5 years ago
- Target version changed from Ideas (not version specific) to 6.0.0~beta1
Updated by Alexis Mousset over 5 years ago
- Related to User story #6363: Secure agent/server communication added
Updated by Alexis Mousset over 5 years ago
- Status changed from New to Rejected
Closing as #15513 duplicate (implemented in 5.1)
Updated by Alexis Mousset over 5 years ago
- Is duplicate of Architecture #15513: Make certificate verification in HTTP calls configurable added
Actions