
Some "insecure" options are hardcoded to true

Open wkloucek opened this issue 3 years ago • 0 comments

Describe the bug

Some REVA "insecure" configurations default to true.

Expected behavior

"insecure" options (most of the time it's skipping the SSL cert validation check) must be configurable and default to false.

Actual behavior

Some "insecure" options default to true, e.g.

  • https://github.com/cs3org/reva/blob/a133b602f6259335f1a799434d15b712d960800d/cmd/reva/main.go#L114
  • https://github.com/cs3org/reva/blob/8485d4046dbc4f8b4395d82eea78129b928833bb/cmd/reva/download.go#L108
  • https://github.com/cs3org/reva/blob/a8c61401b662d8e09175416c0556da8ef3ba8ed6/pkg/cbox/utils/tokenmanagement.go#L67

gRPC connections also use the insecure option (https://grpc.io/docs/guides/auth/#go)

  • https://github.com/cs3org/reva/blob/63cd96849ff22995752d393c357854dcd503d0b5/pkg/rgrpc/todo/pool/pool.go#L87-L90

wkloucek, Oct 28 '21 12:10
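
The expected behaviour from the issue, as an added Go example that is not part of the original issue and is not reva's code: a config struct whose zero value keeps certificate verification on, with `Insecure` as an explicit opt-in and an optional CA bundle for deployments that use a private CA. `TLSOptions`, `NewHTTPClient` and `SkipsVerification` are hypothetical names, and the test server in `main` is constructed.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// TLSOptions is a hypothetical config struct (not reva's). Its zero value
// verifies certificates, so an unset option can never disable the check.
type TLSOptions struct {
	Insecure bool   // explicit opt-in to skip certificate verification
	CACert   []byte // optional PEM bundle for a private CA
}

// NewHTTPClient builds a client from opts. Verification stays on unless
// Insecure was set explicitly by the operator.
func NewHTTPClient(opts TLSOptions) (*http.Client, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: opts.Insecure}
	if len(opts.CACert) > 0 {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(opts.CACert) {
			return nil, errors.New("CACert: no PEM certificates found")
		}
		cfg.RootCAs = pool
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// SkipsVerification reports whether a client built by NewHTTPClient skips the check.
func SkipsVerification(c *http.Client) bool {
	return c.Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify
}

func main() {
	// Constructed local server whose certificate no system root has signed.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	for _, opts := range []TLSOptions{{}, {Insecure: true}} {
		c, _ := NewHTTPClient(opts)
		resp, err := c.Get(srv.URL)
		if err == nil {
			resp.Body.Close()
		}
		fmt.Printf("Insecure=%v error=%v\n", opts.Insecure, err)
	}
}
```

With the default options the request to the untrusted server fails with a certificate error; it only succeeds once `Insecure` is set to true on purpose.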