libcluster icon indicating copy to clipboard operation
libcluster copied to clipboard

Published 20 hours ago verified publisher icon bitwalker

No SSL certificate validation on cluster API call

Open pzhuk opened this issue 4 years ago • 0 comments

HTTP client has hardcoded no-verification approach for SSL connections to cluster endpoints.

I guess, it might be on purpose - than has to be documented. Otherwise has to be considered as security issue?

https://github.com/bitwalker/libcluster/blob/1a0640f2b39adc430a121add01ab2ae0a4ee35b2/lib/strategy/kubernetes.ex#L223

pzhuk avatar Jun 13 '20 11:06 pzhuk