Project

General

Profile

Architecture #15513

Make certificate verification in HTTP calls configurable

Added by Alexis MOUSSET 3 months ago. Updated 17 days ago.

Status:
Released
Priority:
N/A
Category:
Agent
Target version:
Effort required:

Description

Currently all HTTP calls (reporting, inventory, API, etc.) disable certificate validation.

We can make it configurable based on a system variable, to allow users having a certificate infrastructure in place to verify certificates.

This change needs to be done in both techniques and agent scripts.

The default behaviour needs to stay the current one for compatibility.


Subtasks

Architecture #15514: Make certificate verification in HTTP calls configurable - techniquesReleasedNicolas CHARLESActions
ncf - Architecture #15518: Make certificate verification in HTTP calls configurable - ncfReleasedNicolas CHARLESActions
Architecture #15516: Add new system variable for certificate validationRejectedActions
Architecture #15517: scala code for handling the system variable and setting it with APIReleasedVincent MEMBRÉActions

Related issues

Related to Rudder - Architecture #15515: Document how to use an existing X509 PKI to secure Rudder node-server communicationNewActions
Has duplicate Rudder - User story #11835: Make curl invocation's ignore certificate configurableRejectedActions
Has duplicate Rudder - User story #9624: Add an option to check server certificate when sending inventoryRejectedActions

Associated revisions

Revision c284b86f (diff)
Added by Alexis MOUSSET 3 months ago

Fixes #15513: Make certificate verification in HTTP calls configurable

History

#1

Updated by Alexis MOUSSET 3 months ago

  • Status changed from New to In progress
  • Assignee set to Alexis MOUSSET
#2

Updated by Alexis MOUSSET 3 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis MOUSSET to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1498
#3

Updated by Alexis MOUSSET 3 months ago

  • Has duplicate User story #11835: Make curl invocation's ignore certificate configurable added
#4

Updated by Alexis MOUSSET 3 months ago

  • Has duplicate User story #9624: Add an option to check server certificate when sending inventory added
#5

Updated by Alexis MOUSSET 3 months ago

  • Status changed from Pending technical review to Pending release
#6

Updated by Vincent MEMBRÉ 17 days ago

This bug has been fixed in Rudder 6.0.0~beta1 which was released today.

#7

Updated by Vincent MEMBRÉ 17 days ago

  • Related to Architecture #15515: Document how to use an existing X509 PKI to secure Rudder node-server communication added
#8

Updated by Vincent MEMBRÉ 17 days ago

  • Status changed from Pending release to Released

Also available in: Atom PDF