
Fixes #26942: Add new settings to handle certificate trust

Open fanf opened this issue 7 months ago • 3 comments

https://issues.rudder.io/issues/26942

Add three new system variables whose values are taken from the rudder properties file.

fanf avatar May 23 '25 16:05 fanf

Looks good to me

peckpeck avatar Jun 11 '25 15:06 peckpeck

After finding the proper option in curl, let's change how rudder.server.certificate.additionalKeyHash should be handled.

It must be a semicolon-separated list of hashes (not comma-separated).

It must be appended to the existing key POLICY_SERVER_KEY_HASH in rudder.json, separated by a semicolon (there must be no "empty" value in this list, i.e. no leading, trailing or successive semicolon).

ADDITIONAL_POLICY_SERVER_KEY_HASH system variable is not needed anymore

peckpeck avatar Jun 12 '25 14:06 peckpeck
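The list handling described in the comment above, as an added example that is not part of the PR or Rudder's own code. The function names, the de-duplication step and the sample hash strings are assumptions made for illustration; the hash values are constructed.

```python
def split_hashes(value: str) -> list[str]:
    """Split a semicolon-separated hash list, dropping empty items."""
    items = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue  # leading, trailing or successive semicolon
        if "," in item:
            # The setting is semicolon-separated, not comma-separated:
            # fail loudly instead of emitting one bogus combined hash.
            raise ValueError(f"comma found in hash list item: {item!r}")
        items.append(item)
    return items


def merge_key_hashes(policy_server_key_hash: str, additional_key_hash: str = "") -> str:
    """Build the value stored under POLICY_SERVER_KEY_HASH.

    The policy server's own hash comes first, then the additional hashes
    in their configured order. Duplicates are dropped (an assumption of
    this example, not something the PR states).
    """
    merged: list[str] = []
    for item in split_hashes(policy_server_key_hash) + split_hashes(additional_key_hash):
        if item not in merged:
            merged.append(item)
    if not merged:
        raise ValueError("no key hash left after normalisation")
    return ";".join(merged)


def is_well_formed(value: str) -> bool:
    """True when the list has no empty item and no comma."""
    return bool(value) and "," not in value and all(p.strip() for p in value.split(";"))


if __name__ == "__main__":
    # Constructed sample values, not real key hashes.
    own = "sha256//constructedHashA="
    extra = ";sha256//constructedHashB=;;sha256//constructedHashC=;"
    print(merge_key_hashes(own, extra))
```

Rejecting commas rather than silently splitting on them keeps a value written in the old comma-separated form from being accepted as a single unusable entry.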

POLICY_SERVER_CERT_NAME_VALIDATION cannot be implemented as documented, we should replace it with: POLICY_SERVER_SECURE_VALIDATION: false/empty by default to match current state (--insecure is passed to curl)

peckpeck avatar Jun 18 '25 11:06 peckpeck

PR updated with a new commit

fanf avatar Jun 23 '25 14:06 fanf

This PR is not mergeable to upper versions. Since it is "Ready for merge" you must merge it by yourself using the following command:

rudder-dev merge https://github.com/Normation/rudder/pull/6395

-- Your faithful QA

Kant merge: "Thoughts without content are empty, intuitions without concepts are blind." (https://ci.normation.com/jenkins/job/merge-accepted-pr/103486/console)

We need a comprehensive documentation of the impact of these changes.

amousset avatar Jul 03 '25 14:07 amousset

PR updated with a new commit

fanf avatar Jul 04 '25 11:07 fanf

PR updated with a new commit

fanf avatar Jul 04 '25 11:07 fanf

OK, squash merging this PR

fanf avatar Jul 04 '25 16:07 fanf