User story #11835: Make curl invocation's ignore certificate configurable - Rudder - Issue Tracker

Actions

Copy link

User story #11835

closed

Make curl invocation's ignore certificate configurable

Added by Janos Mattyasovszky over 6 years ago. Updated over 4 years ago.

Status:

Rejected

Priority:

N/A

Assignee:

Category:

System techniques

Target version:

6.0.0~beta1

Pull Request:

UX impact:

Suggestion strength:

User visibility:

Infrequent - complex configurations | third party integrations

Effort required:

Name check:

Fix check:

Regression:

Description

Currently the curl invocations (get policy server's UUID / upload inventory) include the -k option, which means "insecure".

inventory/1.0/fusionAgent.cf:      "download_command"   string => "${g.rudder_curl} -L -k -1 -s -f --proxy '' -o \"${sys.workdir}/rudder-server-uuid.txt\" ${g.inventory_upload_protocol}://${server_info.cfserved}/uuid";
inventory/1.0/fusionAgent.cf:      "download_command_prefix"   string => "${g.rudder_curl} -L -k -1 -f -s --proxy '' --user ${g.davuser}:${g.davpw} -T";

This is "acceptable" if you have deployed self-signed certs for rudder root/relay, but if you tend to have an established trust to a CA, this adds an unnecessary and unconfigurable security softening.

Related issues 2 (0 open — 2 closed)

Actions

Copy link

Also available in: Atom PDF

	Related to Rudder - User story #6363: Secure agent/server communication	Released		2011-03-28			Actions
	Is duplicate of Rudder - Architecture #15513: Make certificate verification in HTTP calls configurable	Released	Nicolas CHARLES				Actions

Project

General

Profile

Rudder

Custom queries

User story #11835

Make curl invocation's ignore certificate configurable

Updated by Benoît PECCATTE over 6 years ago

Updated by Benoît PECCATTE about 6 years ago

Updated by Alexis Mousset about 5 years ago

Updated by Alexis Mousset about 5 years ago

Updated by Alexis Mousset over 4 years ago

Updated by Alexis Mousset over 4 years ago