rudder-metrics-reporting is relying on local CA bundles to validate https
We do not have any control over what CAs are registered on people's machines, and often those CA bundles fail to validate our certificate for feedback.rudder-project.org
We should either disable validation using -k or provide our own CA bundles to validate the connection.
What do you think?
Updated by François ARMAND over 6 years ago
The data is anonymised, but at the moment of sending, someone can intercept the connection (a typical man-in-the-middle attack, for example with DNS poisoning on the URL for feedback) and then know who sent the information and learn things that should not be public about the internal infra of the user.
So I think we should encrypt the connection.
Updated by Benoît PECCATTE over 6 years ago
- Status changed from 8 to Pending technical review
- Assignee changed from Benoît PECCATTE to Matthieu CERDA
- Pull Request set to https://github.com/Normation/rudder-packages/pull/566