From 0dd522e7da9593a35a0bddaa93004fb8ef0fb7bd Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Fri, 15 May 2020 12:18:34 -0400 Subject: [PATCH] Add CA bundle reference in the docs --- doc/configuration-v2_2.md | 2 +- doc/configuration-v2_3.md | 2 +- doc/configuration-v2_4.md | 2 +- doc/configuration-v2_5-experimental.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/configuration-v2_2.md b/doc/configuration-v2_2.md index 394a265b9..ae3ce1237 100644 --- a/doc/configuration-v2_2.md +++ b/doc/configuration-v2_2.md @@ -19,7 +19,7 @@ The Ignition configuration is a JSON document conforming to the following specif * **_security_** (object): options relating to network security. * **_tls_** (object): options relating to TLS when fetching resources over `https`. * **_certificateAuthorities_** (list of objects): the list of additional certificate authorities (in addition to the system authorities) to be used for TLS verification when fetching over `https`; this applies only to Ignition itself, the certificates are not added persistently to the system-wide trust store. - * **source** (string): the URL of the certificate (in PEM format). Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. + * **source** (string): the URL of the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. * **_verification_** (object): options related to the verification of the certificate. * **_hash_** (string): the hash of the certificate, in the form `-` where type is sha512. * **_storage_** (object): describes the desired state of the system's storage devices. diff --git a/doc/configuration-v2_3.md b/doc/configuration-v2_3.md index 9291f6a47..4a8c82f0b 100644 --- a/doc/configuration-v2_3.md +++ b/doc/configuration-v2_3.md @@ -19,7 +19,7 @@ The Ignition configuration is a JSON document conforming to the following specif * **_security_** (object): options relating to network security. * **_tls_** (object): options relating to TLS when fetching resources over `https`. * **_certificateAuthorities_** (list of objects): the list of additional certificate authorities (in addition to the system authorities) to be used for TLS verification when fetching over `https`. - * **source** (string): the URL of the certificate (in PEM format). Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. + * **source** (string): the URL of the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. * **_verification_** (object): options related to the verification of the certificate. * **_hash_** (string): the hash of the certificate, in the form `-` where type is sha512. * **_storage_** (object): describes the desired state of the system's storage devices. diff --git a/doc/configuration-v2_4.md b/doc/configuration-v2_4.md index f127ff2ee..f4fb00162 100644 --- a/doc/configuration-v2_4.md +++ b/doc/configuration-v2_4.md @@ -25,7 +25,7 @@ The Ignition configuration is a JSON document conforming to the following specif * **_security_** (object): options relating to network security. * **_tls_** (object): options relating to TLS when fetching resources over `https`. * **_certificateAuthorities_** (list of objects): the list of additional certificate authorities (in addition to the system authorities) to be used for TLS verification when fetching over `https`. - * **source** (string): the URL of the certificate (in PEM format). Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. + * **source** (string): the URL of the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. * **_httpHeaders_** (list of objects): a list of HTTP headers to be added to the request. Available for `http` and `https` source schemes only. * **name** (string): the header name. * **value** (string): the header contents. diff --git a/doc/configuration-v2_5-experimental.md b/doc/configuration-v2_5-experimental.md index 9dd8db629..e27ce5553 100644 --- a/doc/configuration-v2_5-experimental.md +++ b/doc/configuration-v2_5-experimental.md @@ -27,7 +27,7 @@ The Ignition configuration is a JSON document conforming to the following specif * **_security_** (object): options relating to network security. * **_tls_** (object): options relating to TLS when fetching resources over `https`. * **_certificateAuthorities_** (list of objects): the list of additional certificate authorities (in addition to the system authorities) to be used for TLS verification when fetching over `https`. - * **source** (string): the URL of the certificate (in PEM format). Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. + * **source** (string): the URL of the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. Supported schemes are `http`, `https`, `s3`, `tftp`, and [`data`][rfc2397]. Note: When using `http`, it is advisable to use the verification option to ensure the contents haven't been modified. * **_httpHeaders_** (list of objects): a list of HTTP headers to be added to the request. Available for `http` and `https` source schemes only. * **name** (string): the header name. * **value** (string): the header contents.