#311 Revert "Don't validate the CA of the server when downloading the CA"
Merged 4 years ago by gnaponie. Opened 4 years ago by lholecek.
lholecek/waiverdb revert-insecure-cert-get  into  master

file modified
+1 -1
@@ -8,7 +8,7 @@ 

    # installing CA certificate

    if [ -n "${CA_URL}" ] && [ ! -f "/tmp/.ca-imported" ]; then

      # Since update-ca-trust doesn't work as a non-root user, let's just append to the bundle directly

-     curl -k --silent --show-error --location "${CA_URL}" >> /etc/pki/tls/certs/ca-bundle.crt

+     curl --silent --show-error --location "${CA_URL}" >> /etc/pki/tls/certs/ca-bundle.crt

      # Create a file so we know not to import it again if the container is restarted

      touch /tmp/.ca-imported

    fi

This reverts commit e986a94.

The insecure flag to fetch certificate is no longer needed (fixed on the
cert server).

mm not sure why this was again there... but +1

mm not sure why this was again there... but +1

This was changed separately in Greenwave and WaiverDB, but reverted only in Greenwave.

Oh! That's WaiverDB... /me needs PTO...

I didn't submit the PR because the issue seems solved, but sysops didn't give us any update about it... I've reverted it in Greenwave because we released yesterday and I didn't want to put that change in production.

@lucarval can we merge this now or do we still want to wait for sysops' reply?

Pull-Request has been merged by gnaponie

4 years ago
Metadata