Unconditional use of curl option --capath is wrong in case server provides a non-IGTF certificate #10

Open
ahaupt opened this issue Aug 23, 2020 · 1 comment

Comments

@ahaupt
Contributor

ahaupt commented Aug 23, 2020

Hi Onno,

prometheus.desy.de uses a standard DFN host certificate which curl can verify without setting --capath. So using this option unconditionally is counterproductive in this case.

Haven't found a nice way to fix this, yet - that's why I just open this bug ;-)

Cheers,
Andreas

@onnozweers
Contributor

onnozweers commented Sep 23, 2020

How about we create a parameter igtf which is false by default, but which you can set to true by specifying --igtf or with an environment var like export ada_igtf=true? Of course the option could be set in /etc/ada.conf or ~/.ada/ada.conf as well. So, for us, we would set igtf=true in our /etc/ada.conf file.

Then, when igtf=true, the curl --capath will be set. When igtf=false, the --capath will not be used.
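
A sketch of the proposal above, added here as an example (not ADA's own code and not written by either commenter). The precedence order (flag over environment variable over user config over system config), the `ADA_SYSTEM_CONF`, `ADA_USER_CONF` and `IGTF_CAPATH` variables, the function names and the `/etc/grid-security/certificates` directory are assumptions. With `igtf` false, curl keeps verifying against its default trust store; verification is never switched off.

```shell
# Added example, not ADA's code. Assumed precedence:
# --igtf flag > ada_igtf env var > user config > system config > default (false).

# Config paths named in the issue; overridable here (hypothetical variables) for testing.
ADA_SYSTEM_CONF="${ADA_SYSTEM_CONF:-/etc/ada.conf}"
ADA_USER_CONF="${ADA_USER_CONF:-${HOME:-}/.ada/ada.conf}"
# Assumption: directory that holds the IGTF CA certificates.
IGTF_CAPATH="${IGTF_CAPATH:-/etc/grid-security/certificates}"

# Print the value of the last "igtf=<value>" line in a config file, if any.
# The file is parsed, never sourced, so a config file cannot inject commands.
read_igtf_from_conf() {
  [ -r "$1" ] || return 0
  sed -n 's/^[[:space:]]*igtf[[:space:]]*=[[:space:]]*\([A-Za-z]*\)[[:space:]]*$/\1/p' "$1" \
    | tail -n 1
}

# Print "true" or "false" for the effective setting. Arguments: the command line.
resolve_igtf() {
  local igtf=false conf value arg
  for conf in "$ADA_SYSTEM_CONF" "$ADA_USER_CONF"; do
    value=$(read_igtf_from_conf "$conf")
    if [ -n "$value" ]; then igtf=$value; fi
  done
  if [ -n "${ada_igtf:-}" ]; then igtf=$ada_igtf; fi
  for arg in "$@"; do
    if [ "$arg" = "--igtf" ]; then igtf=true; fi
  done
  # Anything other than a literal "true" leaves curl on its default trust store.
  if [ "$igtf" = "true" ]; then echo true; else echo false; fi
}

# Print the extra curl TLS arguments, one per line; nothing when igtf is false.
curl_tls_args() {
  if [ "$(resolve_igtf "$@")" = "true" ]; then
    printf '%s\n' --capath "$IGTF_CAPATH"
  fi
}
```
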
