summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhil Dibowitz <phil@ipom.com>2015-01-20 09:46:57 -0800
committerPhil Dibowitz <phil@ipom.com>2015-01-20 09:46:57 -0800
commitb622710cd1ee8af39bc3ff255e2394c0115abaac (patch)
tree12c53d5ad8a97d1e2e740ba5b30943ca70d7a75c
parentb9e91171f6bd4ac55d62c6b9b72838fa89a1330e (diff)
parentd29a38eb258c006bec566fac30f142aeae0c9e36 (diff)
downloadchef-b622710cd1ee8af39bc3ff255e2394c0115abaac.tar.gz
Merge pull request #2762 from jaymzh/sslwarn
Suppress SSL warnings if I know what I'm doing
-rw-r--r--CHANGELOG.md2
-rw-r--r--DOC_CHANGES.md4
-rw-r--r--RELEASE_NOTES.md4
-rw-r--r--lib/chef/client.rb33
4 files changed, 10 insertions, 33 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bf7c3d9dc3..64c35d257b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,8 @@
* [**Tim Smith**](https://github.com/tas50)
Typo fixes
* [Pull 2505](https://github.com/opscode/chef/pull/2505) Make Chef handle URIs in a case-insensitive manner
+* [**Phil Dibowitz**](https://github.com/jaymzh):
+ Drop SSL warnings now that we have a safe default
### Chef Contributions
* ruby 1.9.3 support is dropped
diff --git a/DOC_CHANGES.md b/DOC_CHANGES.md
index 7429baca2a..dbe79478f5 100644
--- a/DOC_CHANGES.md
+++ b/DOC_CHANGES.md
@@ -35,3 +35,7 @@ The `--audit-mode` flag should be a link to the documentation for that flag
This probably only needs to be a bullet point added to http://docs.getchef.com/nodes.html#about-why-run-mode under the
`certain assumptions` section
+
+## Drop SSL Warnings
+Now that the default for SSL checking is on, no more warning is emitted when SSL
+checking is off.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 43c8f06d93..329f55555b 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -64,6 +64,10 @@ The package resource on OpenBSD is wired up to use the new OpenBSD package provi
Previously, when a URI scheme contained all uppercase letters, Chef would reject the URI as invalid. In compliance with RFC3986, Chef now treats URI schemes in a case insensitive manner.
+## Drop SSL Warnings
+Now that the default for SSL checking is on, no more warning is emitted when SSL
+checking is off.
+
# Chef Client Release Notes 12.0.0:
# Internal API Changes in this Release
diff --git a/lib/chef/client.rb b/lib/chef/client.rb
index 77f63671d7..3d9678ea31 100644
--- a/lib/chef/client.rb
+++ b/lib/chef/client.rb
@@ -419,8 +419,6 @@ class Chef
begin
runlock.save_pid
- check_ssl_config
-
request_id = Chef::RequestID.instance.request_id
run_context = nil
@events.run_start(Chef::VERSION)
@@ -529,37 +527,6 @@ class Chef
Chef::ReservedNames::Win32::Security.has_admin_privileges?
end
- def check_ssl_config
- if Chef::Config[:ssl_verify_mode] == :verify_none and !Chef::Config[:verify_api_cert]
- Chef::Log.warn(<<-WARN)
-
-* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-SSL validation of HTTPS requests is disabled. HTTPS connections are still
-encrypted, but chef is not able to detect forged replies or man in the middle
-attacks.
-
-To fix this issue add an entry like this to your configuration file:
-
-```
- # Verify all HTTPS connections (recommended)
- ssl_verify_mode :verify_peer
-
- # OR, Verify only connections to chef-server
- verify_api_cert true
-```
-
-To check your SSL configuration, or troubleshoot errors, you can use the
-`knife ssl check` command like so:
-
-```
- knife ssl check -c #{Chef::Config.config_file}
-```
-
-* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
-WARN
- end
- end
-
end
end