Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable turning off ssl validation for single `remote_file` resource #8897

Open
jaymzh opened this issue Sep 18, 2019 · 0 comments

Comments

@jaymzh
Copy link
Member

commented Sep 18, 2019

Describe the Enhancement:

Currently people can either turn off SSL validation for the entire client, or not. That means if you need to remote_file a single https endpoint with a self-signed cert, most people end up turning off all validation and thus being even more insecure than they need to be.

A property to control :ssl_verify_mode for that specific resource would be better.

Describe the Need:

remote_file 'https://someserver.com/thing' do
  ssl_verify_mode :verify_none
end

Current Alternative

I've tried various alternatives like:

ruby_block 'turn off ssl verify' do
  block { Chef::Config[:ssl_verify_mode] = :verify_none }
end
remote_file 'https://someserver.com/thing' do
  ...
end
ruby_block 'turn on ssl viery' do
  block { Chef::Config[:ssl_verify_mode] = :verify_peer }
end

but didn't have success.

Can We Help You Implement This?:

If I get time I will poke at it...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.