Validate ssl peers #80

Merged
merged 1 commit into from
Oct 7, 2021

kamaradclimber

Before this patch, SSL peers were not validated unless custom
certificates were provided. This led to less strict security and annoying
warnings from the em-http library. See igrigorik/em-http-request#339.

Now we properly take the tls_verify_peer option (defaults to true) into
consideration. This should increase security.

⚠ This is certainly a change for users who use invalid certificates. However, the options --skip-*-verify-tls should help them to explicitly disable validation if necessary.

Change-Id: I3620aa3de63e20976a204be45bce013d816acc52
@kamaradclimber kamaradclimber requested review from PHBourquin and a team September 2, 2021 17:24
@@ -184,6 +184,7 @@ def _handle_error(http)

def fetch
options = {
tls: { verify_peer: conf.tls_verify_peer },
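Review bot: In `fetch`, `verify_peer` is passed straight from `conf.tls_verify_peer`, so a nil or otherwise unset value would go through as falsy and turn validation off without any signal. Consider normalizing it so that only an explicit `false` disables verification (for example `conf.tls_verify_peer != false`), and add a spec asserting that the request options carry `verify_peer: true` when no skip flag is given.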

FAR: it would have been better to have a common base class for all endpoint types.

@kamaradclimber

@PHBourquin have you had the time to test the PR?

@PHBourquin PHBourquin merged commit 392537c into master Oct 7, 2021
@kamaradclimber

Thanks, could you ping me when you publish a new version to rubygems.org?
