Validate component certs by default #954
Comments
|
We tried to resolve this in #952. However, the CF-D pipeline environments use self-signed certs, which prevented tests from passing. Therefore, created we were forced to revert that PR, and have created this issue to track future work. Tim Downey also noted that many of the present cert validation skips are in place due to a long-standing issue with validating certs for space-scoped service brokers in CC_NG. |
ctlong
moved this from Inbox
to Waiting on feedback
in App Runtime Deployments Working Group
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is this issue about?
cf-deployment currently skips verification of certificates for certain inter-component communications by default, with an ops file to stop skipping certificate validation.
We would expect the reverse, that cf-deployment be the most secure by default, with an ops file to make it insecure as desired.
What version of cf-deployment are you using?
cf-deployment v17.1.0
Please include the
bosh deploy...command, including all the operations files (plus any experimental operation files you're using):N/A
Please provide output that helps describe the issue:
N/A
What IaaS is this issue occurring on?
N/A
Is there anything else unique or special about your setup?
N/A
Tag your pair, your PM, and/or team!
@mkocher @acrmp
The text was updated successfully, but these errors were encountered: