Uploaded image for project: 'Cloudify'
  1. CFY-6948

CLOUDIFY_SSL_TRUST_ALL has no effect when enabling SSL on bootstrap

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Unprioritized
    • Resolution: Fixed
    • Affects Version/s: 4.0.1
    • Fix Version/s: 4.1
    • Labels:
    • Sprint:
      Cloudify 4.1 Sprint 2

      Description

      https://github.com/cloudify-cosmo/cloudify-rest-client/blob/4.0.1/cloudify_rest_client/client.py#L166

      If a certificate is available (either auto-generated or provided by the user as part of bootstrap), we use that certificate.
      If no certificate is available, we consider CLOUDIFY_SSL_TRUST_ALL.

      However, if the user bootstrapped using ssl_enabled=True, there will always be a certificate. Which means that the value of CLOUDIFY_SSL_TRUST_ALL is ignored.

      Meaning: when using ssl_enabled=True, the user must provide a certificate that is trusted on the CLI host, otherwise bootstrap will fail.

        Attachments

          Activity

            People

            • Assignee:
              isaac_s Isaac Shabtay
              Reporter:
              isaac_s Isaac Shabtay
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: