
[Auth] SECURITY: Allow Specifying Self Signed CA for LDAP StartTLS Server Verification

Open jdsatava127 opened this issue 2 years ago • 1 comments

The StartTLS connection is currently executed with InsecureSkipVerify set to true in https://github.com/StevenWeathers/thunderdome-planning-poker/blob/60c5977f34e8e29c07f73755579f934bc70bb35d/api/util.go#L308. It would be great if you were able to set the InsecureSkipVerify option via the config file/env and also have the ability to specify self-signed or other CA files to use with InsecureSkipVerify set to true. This would improve the security of the LDAP connections.

jdsatava127, May 03 '22 01:05

I will consider this, will have to look at how accepting the certificate files would work given I don't deal with LDAP on a regular basis. I'm also happy to accept pull requests.

StevenWeathers, May 03 '22 02:05

While I understand the benefit of this suggestion, I don't intend to implement this, willing to accept a PR though.

StevenWeathers, Aug 19 '23 03:08
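The configuration the issue asks for, sketched as an added example (not code from the thunderdome-planning-poker repository or from either participant): a `tls.Config` for the StartTLS upgrade that keeps certificate verification on by default and trusts a CA supplied as PEM. The names `ldapTLSConfig`, `constructedCA`, `trusts` and the host `ldap.example.internal` are hypothetical, and the certificate is generated in-process as sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ldapTLSConfig (hypothetical helper) keeps verification on unless skipVerify is set explicitly.
func ldapTLSConfig(serverName string, caPEM []byte, skipVerify bool) (*tls.Config, error) {
	cfg := &tls.Config{ServerName: serverName, InsecureSkipVerify: skipVerify, MinVersion: tls.VersionTLS12}
	if len(caPEM) == 0 {
		return cfg, nil // no custom CA configured: Go verifies against the system roots
	}
	cfg.RootCAs = x509.NewCertPool() // only the supplied CA(s) are trusted for this connection
	if !cfg.RootCAs.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no usable certificate found in configured CA PEM")
	}
	return cfg, nil
}

// constructedCA returns a throwaway self-signed certificate for host (sample data, errors ignored).
func constructedCA(host string) (*x509.Certificate, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// trusts reports whether cert passes the chain and hostname checks implied by cfg.
func trusts(cfg *tls.Config, cert *x509.Certificate) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err == nil
}

func main() {
	cert, caPEM := constructedCA("ldap.example.internal")
	pinned, _ := ldapTLSConfig("ldap.example.internal", caPEM, false)
	system, _ := ldapTLSConfig("ldap.example.internal", nil, false)
	fmt.Println("custom CA:", trusts(pinned, cert), "system roots:", trusts(system, cert))
}
```

The returned config is what would be handed to the LDAP client's StartTLS call; `trusts` only mirrors the chain and hostname checks offline so the effect of the CA pool can be seen without a server.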