Ability to disable certificate verification during connecting to CS, update docs, and fix anonymizer failing tests #112
Conversation
…on to central server Refs: OPMONDEV-181
Refs: OPMONDEV-181
Refs: OPMONDEV-181
…g tests Refs: OPMONDEV-181
|
| @@ -77,7 +83,7 @@ xroad: | |||
| tls-client-certificate: | |||
| # path to client's private key | |||
| tls-client-key: | |||
| # path to server's certificate | |||
| # path to server's certificate, or False to disable server certificate verification | |||
There was a problem hiding this comment.
Currently I believe that and empty value also disables this. Since older installations wouldn't have the parameter, can me also have the same behavior in these cases?
There was a problem hiding this comment.
Please correct me if I'm wrong, but as per my understanding for this section in the documentation, an empty value would still verify the SSL certificate (since it's the default behavior).
The reason why I added the new feature of disabling certificate verification while connecting to central server (not security server), is because I had SSL enabled for the central server locally, but collector module was failing to verify the certificate and hence failing to start.
Perhaps I am missing something or had my collector misconfigured and that there is way (without my modifications to collector_module/opmon_collector/central_server_client.py) that I can disable the certificate verification during SSL connection?
There was a problem hiding this comment.
Ah yes, sorry, for some reason I thought this related to enabling / disabling mTLS. In this case I think it is fine.
And it is a good catch about the Central Server, it previously did not support HTTPS, only HTTP. That's why the X-Road Metrics code hasn't accounted for the HTTPS connection to the global configuration yet.
Refs: OPMONDEV-181