[lxc-devel] [lxd/master] disable insecure TLS in CA mode

tych0 on Github lxc-bot at linuxcontainers.org
Fri Dec 2 19:46:09 UTC 2016


From 984f3ecd397bd1e03f2b277f0169bb8c9b3d659b Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho.andersen at canonical.com>
Date: Fri, 2 Dec 2016 19:44:45 +0000
Subject: [PATCH] disable insecure TLS in CA mode

I'm not sure if this actually matters or not, but it's implementation
dependent and might matter.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
 lxd/daemon.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lxd/daemon.go b/lxd/daemon.go
index f0debc8..b739e72 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -899,6 +899,7 @@ func (d *Daemon) Init() error {
 			caPool.AddCert(ca)
 			tlsConfig.RootCAs = caPool
 			tlsConfig.ClientCAs = caPool
+			tlsConfig.InsecureSkipVerify = false
 
 			shared.LogInfof("LXD is in CA mode, only CA-signed certificates will be allowed")
 		}
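
Review bot: The added tlsConfig.InsecureSkipVerify = false line carries no comment saying which code path could have set it to true, and the commit message itself says the author is unsure it matters. Go's tls.Config zero value for InsecureSkipVerify is already false, so the assignment only has an effect if tlsConfig was built earlier with the flag enabled; please add a one-line comment naming that case, or fix it where tlsConfig is constructed. Note also that InsecureSkipVerify governs how a TLS client verifies the server's certificate, while the "only CA-signed certificates will be allowed" guarantee for incoming clients depends on ClientCAs together with ClientAuth. ClientAuth is not set in the lines shown here, so please confirm it is set to a verifying mode elsewhere in Init() when CA mode is active.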

