  1. OpenShift Logging
  2. LOG-2283

Add a setting to disable verification of TLS certificates


    • Insecure Dev Certificates
      This epic was automatically marked as blocked because the resolution for a subtask has been set to Won't Do (or Won't Fix), indicating a functional team cannot support this epic. If you believe this occurred in error, please reach out to the functional team for help in getting this work into their queue.
    • Logging (Core) - Sprint 215

      Use case

      I want to test TLS connections but I don't have valid certificates.

      Development and testing environments often do not have valid certificates signed by a well-known internet CA. Typically, development certs:

      • are self-signed or have a self-signed CA in their trust chain.
      • do not have a CN that matches the hostname they are installed on.

      Solution

      Add a TLS section to the OutputSpec output configuration for the cluster-logging-operator containing an option to disable verification (InsecureSkipVerify):

      // If InsecureSkipVerify is true, then the TLS client will be configured to ignore errors with certificates.
      //
      // This option is *not* recommended for production configurations.
      InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
      

      The setting should be documented as only for testing/debugging purposes, not to be used in production environments.

      Example usage:

      spec:
        outputs:
        - name: example-output
          type: elasticsearch
          url: https://es-with-custom-certificate:9200/
          tls:
            insecureSkipVerify: true 
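
The effect of the proposed setting on a Go TLS client, as an added example that is not part of the original issue or the cluster-logging-operator code. The names outputTLS, clientConfig and probe are hypothetical, and the server is a local httptest instance with a self-signed certificate; the third case shows the stricter alternative for development certificates, adding the self-signed certificate to the client's trust pool.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// outputTLS is a hypothetical stand-in for the proposed tls section of an output.
type outputTLS struct {
	InsecureSkipVerify bool
	CA                 *x509.CertPool // optional trust pool for the dev environment
}

// clientConfig maps the output settings onto a Go TLS client configuration.
func clientConfig(o outputTLS) *tls.Config {
	return &tls.Config{
		MinVersion:         tls.VersionTLS12,
		RootCAs:            o.CA, // nil means the system trust store
		InsecureSkipVerify: o.InsecureSkipVerify,
	}
}

// probe starts a local HTTPS server with a self-signed test certificate
// (constructed by httptest) and reports whether a client built from o connects.
func probe(o outputTLS, trustServerCert bool) error {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	if trustServerCert {
		o.CA = x509.NewCertPool()
		o.CA.AddCert(srv.Certificate())
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: clientConfig(o)}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	fmt.Println("default verification:   ", probe(outputTLS{}, false))
	fmt.Println("insecureSkipVerify=true:", probe(outputTLS{InsecureSkipVerify: true}, false))
	fmt.Println("dev cert added as CA:   ", probe(outputTLS{}, true))
}
```

With insecureSkipVerify the client accepts any certificate the peer presents, while the trust-pool variant still rejects certificates other than the one that was added.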

          1. PX Tracker Sub-task Closed Undefined Unassigned
          2. Docs Tracker Sub-task Closed Undefined Unassigned
          3. QE Tracker Sub-task Closed Undefined Qiaoling Tang
          4. TE Tracker Sub-task Closed Undefined Unassigned

              rojacob@redhat.com Robert Jacob
              rhn-engineering-aconway Alan Conway
              Qiaoling Tang Qiaoling Tang