/vagrant

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow user to define if the box_url is insecure #1712

Closed
wants to merge 1 commit into
base: master
from

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@igorbonadio @fgrehm @mitchellh @dragon788
@igorbonadio

igorbonadio commented May 10, 2013

Currently, it's possible to download a box from an insecure server using the command:

vagrant box add mybox  https://insecureserver.com/mybox.box --insecure

But I think set it in a Vagrantfile is a good feature.

Vagrant.configure("2") do |config|
  config.vm.box = "mybox"
  config.vm.box_url = "https://insecureserver.com/mybox.box"
  config.vm.box_download_insecure = true
end

@mitchellh mitchellh referenced this pull request Jul 1, 2013

Closed

Vagrantfile and insecure option (certificate issue) #1887

mitchellh added a commit that referenced this pull request Jul 20, 2013

@mitchellh
box_download_insecure to not validate https of box_url [GH-1712]
af66f5f
@fgrehm

This comment has been minimized.

Show comment
Hide comment
@fgrehm

fgrehm Jul 21, 2013

Collaborator

Hey @mitchellh, looks like you fixed this on af66f5f, shall we close this?
Collaborator

fgrehm commented Jul 21, 2013

Hey @mitchellh, looks like you fixed this on af66f5f, shall we close this?
@mitchellh

This comment has been minimized.

Show comment
Hide comment
@mitchellh

mitchellh Jul 21, 2013

Member

Oh I did, yep. Closing! Thanks.
Member

mitchellh commented Jul 21, 2013

Oh I did, yep. Closing! Thanks.

@mitchellh mitchellh closed this Jul 21, 2013

dldinternet pushed a commit to dldinternet/vagrant that referenced this pull request Aug 26, 2013

@mitchellh Christo DeLange
box_download_insecure to not validate https of box_url [hashicorpGH-1712 
]
2a92589

dldinternet pushed a commit to dldinternet/vagrant that referenced this pull request Sep 1, 2013

@mitchellh Christo DeLange
box_download_insecure to not validate https of box_url [hashicorpGH-1712 
]
926d5f4
@dragon788

This comment has been minimized.

Show comment
Hide comment
@dragon788

dragon788 Feb 9, 2017

Contributor

@mitchellh @sethvargo Since it is a terrible practice to disable SSL verification long term, would it be possible to add instructions on correcting the certificate issue the right way by catching this certificate error exception and giving a helpful suggestion, i.e. adding the certificate to the trust chain of the embedded Ruby and curl or better yet using the alternate CA path that was added to a newer Vagrant version? config.vm.box_download_ca_cert appears to be the new setting.
Contributor

dragon788 commented Feb 9, 2017

@mitchellh @sethvargo Since it is a terrible practice to disable SSL verification long term, would it be possible to add instructions on correcting the certificate issue the right way by catching this certificate error exception and giving a helpful suggestion, i.e. adding the certificate to the trust chain of the embedded Ruby and curl or better yet using the alternate CA path that was added to a newer Vagrant version? config.vm.box_download_ca_cert appears to be the new setting.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment