authorClaire McQuin <mcquin@users.noreply.github.com>2014-09-15 16:23:21 -0700
committerClaire McQuin <mcquin@users.noreply.github.com>2014-09-15 16:23:21 -0700
commit433d03116693d094469ed798108ee7868cc6d460 (patch)
tree4043cf9093b151d288273b93c5856bfb0b09a4fa
parent7ddd70e480e6471a1c0786152fdff164a05749d5 (diff)
parent3fb87070ac5faf9ab20967e57275491345e4c45b (diff)
downloadchef-433d03116693d094469ed798108ee7868cc6d460.tar.gz
Merge pull request #2012 from opscode/mcquin/verify_peer_default
Change :ssl_verify_mode config default to :verify_peer
-rw-r--r--CHANGELOG.md1
-rw-r--r--lib/chef/config.rb9
-rw-r--r--spec/support/shared/functional/file_resource.rb6
-rw-r--r--spec/unit/config_spec.rb4
4 files changed, 14 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d3b4d82d21..e5b7532632 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -133,6 +133,7 @@
to be able to configure these settings on the bootstrapped node.
* Add partial_search dsl method to Chef::Search::Query, add result filtering to search.
* Transfer trusted certificates under :trusted_certs_dir during bootstrap.
+* Set :ssl_verify_mode to :verify_peer by default.
## Last Release: 11.14.2
diff --git a/lib/chef/config.rb b/lib/chef/config.rb
index 1963a95aab..74607e8368 100644
--- a/lib/chef/config.rb
+++ b/lib/chef/config.rb
@@ -331,10 +331,11 @@ class Chef
default :ssl_client_cert, nil
default :ssl_client_key, nil
- # Whether or not to verify the SSL cert for all HTTPS requests. If set to
- # :verify_peer, all HTTPS requests will be validated regardless of other
- # SSL verification settings.
- default :ssl_verify_mode, :verify_none
+ # Whether or not to verify the SSL cert for all HTTPS requests. When set to
+ # :verify_peer (default), all HTTPS requests will be validated regardless of other
+ # SSL verification settings. When set to :verify_none no HTTPS requests will
+ # be validated.
+ default :ssl_verify_mode, :verify_peer
# Whether or not to verify the SSL cert for HTTPS requests to the Chef
# server API. If set to `true`, the server's cert will be validated
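Review bot: The rewritten comment above `default :ssl_verify_mode, :verify_peer` does not say which trust anchors verification uses, which is what an operator needs now that validation is on by default. The spec in this commit shows `:ssl_ca_path` defaulting to nil, so verification presumably falls back to the platform OpenSSL trust store plus whatever is placed under `:trusted_certs_dir`; a Chef server with a self-signed certificate would then start failing after upgrade until its certificate is trusted. I would add a line such as `# Certificates are checked against :ssl_ca_file/:ssl_ca_path and :trusted_certs_dir; add a self-signed server cert there rather than setting :verify_none.` The comment for the following setting continues past the end of this hunk.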
diff --git a/spec/support/shared/functional/file_resource.rb b/spec/support/shared/functional/file_resource.rb
index 804830fcdc..72b72912bd 100644
--- a/spec/support/shared/functional/file_resource.rb
+++ b/spec/support/shared/functional/file_resource.rb
@@ -284,6 +284,7 @@ shared_examples_for "a file resource" do
before do
Chef::Config[:why_run] = true
+ Chef::Config[:ssl_verify_mode] = :verify_none
end
after do
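Review bot: The added `Chef::Config[:ssl_verify_mode] = :verify_none` in this `before` block is never undone in the visible lines, and the same holds for the `before` blocks added in the "file resource not pointing to a real file" and "a configured file resource" hunks. Chef::Config is process-global, so unless the spec helper resets it between examples (not visible here), examples that run afterwards execute with certificate verification off and cannot catch a regression in the new `:verify_peer` default. Save and restore the value instead: `@saved_ssl_verify_mode = Chef::Config[:ssl_verify_mode]` before the assignment and `Chef::Config[:ssl_verify_mode] = @saved_ssl_verify_mode` in the matching `after`. A short comment naming which examples need unvalidated HTTPS would also help, since the override currently applies to every file resource that includes these shared examples. The `after do` block at the end of this hunk has its body outside the hunk, and the second hunk adds a `before` with no `after` at all.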
@@ -333,6 +334,10 @@ shared_examples_for "file resource not pointing to a real file" do
!symlink?(file_path) && File.file?(file_path)
end
+ before do
+ Chef::Config[:ssl_verify_mode] = :verify_none
+ end
+
describe "when force_unlink is set to true" do
it ":create unlinks the target" do
real_file?(path).should be_false
@@ -363,6 +368,7 @@ shared_examples_for "a configured file resource" do
before do
Chef::Log.level = :info
+ Chef::Config[:ssl_verify_mode] = :verify_none
end
# note the stripping of the drive letter from the tmpdir on windows
diff --git a/spec/unit/config_spec.rb b/spec/unit/config_spec.rb
index af71c43b77..41411669e6 100644
--- a/spec/unit/config_spec.rb
+++ b/spec/unit/config_spec.rb
@@ -242,8 +242,8 @@ describe Chef::Config do
Chef::Config[:file_backup_path].should == backup_path
end
- it "Chef::Config[:ssl_verify_mode] defaults to :verify_none" do
- Chef::Config[:ssl_verify_mode].should == :verify_none
+ it "Chef::Config[:ssl_verify_mode] defaults to :verify_peer" do
+ Chef::Config[:ssl_verify_mode].should == :verify_peer
end
it "Chef::Config[:ssl_ca_path] defaults to nil" do