author | Phil Dibowitz <phil@ipom.com> | 2015-01-20 09:46:57 -0800 |
---|---|---|
committer | Phil Dibowitz <phil@ipom.com> | 2015-01-20 09:46:57 -0800 |
commit | b622710cd1ee8af39bc3ff255e2394c0115abaac (patch) | |
tree | 12c53d5ad8a97d1e2e740ba5b30943ca70d7a75c | |
parent | b9e91171f6bd4ac55d62c6b9b72838fa89a1330e (diff) | |
parent | d29a38eb258c006bec566fac30f142aeae0c9e36 (diff) | |
download | chef-b622710cd1ee8af39bc3ff255e2394c0115abaac.tar.gz |
Merge pull request #2762 from jaymzh/sslwarn
Suppress SSL warnings if I know what I'm doing
-rw-r--r-- | CHANGELOG.md | 2 | ||||
-rw-r--r-- | DOC_CHANGES.md | 4 | ||||
-rw-r--r-- | RELEASE_NOTES.md | 4 | ||||
-rw-r--r-- | lib/chef/client.rb | 33 |
4 files changed, 10 insertions, 33 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index bf7c3d9dc3..64c35d257b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,8 @@ * [**Tim Smith**](https://github.com/tas50) Typo fixes * [Pull 2505](https://github.com/opscode/chef/pull/2505) Make Chef handle URIs in a case-insensitive manner +* [**Phil Dibowitz**](https://github.com/jaymzh): + Drop SSL warnings now that we have a safe default ### Chef Contributions * ruby 1.9.3 support is dropped diff --git a/DOC_CHANGES.md b/DOC_CHANGES.md index 7429baca2a..dbe79478f5 100644 --- a/DOC_CHANGES.md +++ b/DOC_CHANGES.md @@ -35,3 +35,7 @@ The `--audit-mode` flag should be a link to the documentation for that flag This probably only needs to be a bullet point added to http://docs.getchef.com/nodes.html#about-why-run-mode under the `certain assumptions` section + +## Drop SSL Warnings +Now that the default for SSL checking is on, no more warning is emitted when SSL +checking is off. diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 43c8f06d93..329f55555b 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -64,6 +64,10 @@ The package resource on OpenBSD is wired up to use the new OpenBSD package provi Previously, when a URI scheme contained all uppercase letters, Chef would reject the URI as invalid. In compliance with RFC3986, Chef now treats URI schemes in a case insensitive manner. +## Drop SSL Warnings +Now that the default for SSL checking is on, no more warning is emitted when SSL +checking is off. + # Chef Client Release Notes 12.0.0: # Internal API Changes in this Release diff --git a/lib/chef/client.rb b/lib/chef/client.rb index 77f63671d7..3d9678ea31 100644 --- a/lib/chef/client.rb +++ b/lib/chef/client.rb @@ -419,8 +419,6 @@ class Chef begin runlock.save_pid - check_ssl_config - request_id = Chef::RequestID.instance.request_id run_context = nil @events.run_start(Chef::VERSION) 
@@ -529,37 +527,6 @@ class Chef Chef::ReservedNames::Win32::Security.has_admin_privileges? end - def check_ssl_config - if Chef::Config[:ssl_verify_mode] == :verify_none and !Chef::Config[:verify_api_cert] - Chef::Log.warn(<<-WARN) - -* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -SSL validation of HTTPS requests is disabled. HTTPS connections are still -encrypted, but chef is not able to detect forged replies or man in the middle -attacks. - -To fix this issue add an entry like this to your configuration file: - -``` - # Verify all HTTPS connections (recommended) - ssl_verify_mode :verify_peer - - # OR, Verify only connections to chef-server - verify_api_cert true -``` - -To check your SSL configuration, or troubleshoot errors, you can use the -`knife ssl check` command like so: - -``` - knife ssl check -c #{Chef::Config.config_file} -``` - -* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -WARN - end - end - end end |
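Review bot: In the RELEASE_NOTES.md and DOC_CHANGES.md hunks, the new "Drop SSL Warnings" section says only that no warning is emitted "when SSL checking is off"; it should name the settings involved, since the check removed from lib/chef/client.rb fired specifically for `ssl_verify_mode` set to `:verify_none` with `verify_api_cert` not enabled. Operators who relied on the log banner to spot nodes running without certificate verification need to read here that this configuration is now silent. In the CHANGELOG.md hunk, the new entry carries no pull request link, unlike the "Pull 2505" entry directly above it; linking pull 2762 would keep the list consistent.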
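Review bot: Removing `check_ssl_config` and its call after `runlock.save_pid` in lib/chef/client.rb leaves nothing in the run log when `Chef::Config[:ssl_verify_mode] == :verify_none and !Chef::Config[:verify_api_cert]`, so a node with verification switched off, whether deliberately or through a stale config file, produces the same output as a verifying one. Consider keeping a one-line message at a lower level such as `Chef::Log.debug` rather than dropping the check entirely, so the state stays discoverable without the banner. The removed text was also where users were pointed at `knife ssl check -c`, and that pointer should survive in the documentation. The diffstat lists only the three markdown files and lib/chef/client.rb, so if any spec stubs or expects `check_ssl_config` it needs updating in the same change.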