
Option to provide custom CA certificate #2

Closed
stklcode opened this issue Oct 14, 2016 · 1 comment

Comments

@stklcode
Owner

commented Oct 14, 2016

In local networks server certificates are often signed by a local CA. To avoid adding the root certificate to the Java keystore on every system a vault-connected application is running on, the ability to provide a trusted certificate should be added.

There might be multiple solutions; probably the most simple would be to accept an SSLContext object to pass to the HTTP client. A little more comfortable would maybe be accepting a File or Path pointing to the certificate and letting the ConnectorFactory do the necessary configuration.

Maybe even disabling validation completely should be an option. (Security issue for sure, but even an unencrypted connection is possible... Better unchecked than unencrypted if validation is impossible for any reason.)

@stklcode stklcode added this to the 0.4 milestone Oct 14, 2016

@stklcode stklcode self-assigned this Oct 15, 2016

@stklcode stklcode changed the title Option to provide custom root certificate Option to provide custom CA certificate Oct 24, 2016

@stklcode

Owner Author

commented Nov 6, 2016

Two methods have been added to the HTTPVaultConnectorFactory:

  • withTrustedCA(Path) - Trust only the CA certificate provided in parameter
  • withSslContext(SSLContext) - Use given SSL context

This feature is optional, if nothing is provided here, default system context is used.
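The following is an added example, not code from the jvault-connector project, showing what the `withTrustedCA(Path)` behaviour described above amounts to when done by hand with standard JDK APIs: load one CA certificate (or a concatenated PEM bundle of root and intermediates, a generalisation beyond the single file mentioned above) into a fresh in-memory trust store and build an `SSLContext` from it. The class name `CustomCaSslContext`, the method `fromPemFile`, and the command-line arguments are assumptions for this example; only `withSslContext(SSLContext)` is taken from the comment above.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

/** Example helper (not part of jvault-connector): SSLContext trusting only a given PEM CA file. */
public final class CustomCaSslContext {

    /**
     * Builds an SSLContext whose trust store contains only the certificates
     * found in pemFile (a single CA or a concatenated PEM bundle).
     * Nothing from the JVM's default cacerts is trusted by this context.
     */
    public static SSLContext fromPemFile(Path pemFile) throws IOException, GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas;
        try (InputStream in = Files.newInputStream(pemFile)) {
            // generateCertificates() reads every PEM block in the stream, so
            // a root plus intermediates in one file is handled as well.
            cas = cf.generateCertificates(in);
        }
        if (cas.isEmpty()) {
            throw new GeneralSecurityException("no certificates found in " + pemFile);
        }

        // A fresh, empty in-memory trust store: load(null, null) initialises it without a file.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        int i = 0;
        for (Certificate ca : cas) {
            X509Certificate x509 = (X509Certificate) ca;
            // getBasicConstraints() < 0 means the cert is not a CA; warn rather than
            // reject, since a self-signed server cert can legitimately be pinned this way.
            if (x509.getBasicConstraints() < 0) {
                System.err.println("warning: not a CA certificate: " + x509.getSubjectX500Principal());
            }
            trustStore.setCertificateEntry("ca-" + i++, x509);
        }

        // The default algorithm is PKIX, which validates the full chain against these anchors.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No key manager (no client certificate); default SecureRandom.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Usage: java CustomCaSslContext /path/to/local-ca.pem https://vault.example.internal:8200/v1/sys/health */
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: CustomCaSslContext <ca.pem> <https-url>");
            System.exit(2);
        }
        SSLContext ctx = fromPemFile(Paths.get(args[0]));
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verification is still the HttpsURLConnection default and is not relaxed here.
        try {
            System.out.println("HTTP " + conn.getResponseCode() + " negotiated " + conn.getCipherSuite());
        } catch (SSLHandshakeException e) {
            // Expected when the server's chain does not end in one of the PEM CAs,
            // e.g. pointing this at a publicly-signed host while trusting only the local CA.
            System.out.println("handshake rejected: " + e.getMessage());
        }
    }
}
```

The returned `SSLContext` is the kind of object the `withSslContext(SSLContext)` method mentioned above accepts; how the factory itself is constructed and configured with host and port is version-specific and not shown. Note the trust semantics match the "trust only the CA certificate provided" wording: a server signed by a public CA will fail the handshake with this context, which is the intended behaviour when the application should only ever talk to the local Vault. If both the local CA and the JVM's default CAs are needed, leave the option unset and use the system context instead.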
