author | Claire McQuin <mcquin@users.noreply.github.com> | 2014-09-15 16:23:21 -0700 |
---|---|---|
committer | Claire McQuin <mcquin@users.noreply.github.com> | 2014-09-15 16:23:21 -0700 |
commit | 433d03116693d094469ed798108ee7868cc6d460 (patch) | |
tree | 4043cf9093b151d288273b93c5856bfb0b09a4fa | |
parent | 7ddd70e480e6471a1c0786152fdff164a05749d5 (diff) | |
parent | 3fb87070ac5faf9ab20967e57275491345e4c45b (diff) | |
Merge pull request #2012 from opscode/mcquin/verify_peer_default
Change :ssl_verify_mode config default to :verify_peer
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | lib/chef/config.rb | 9 | ||||
-rw-r--r-- | spec/support/shared/functional/file_resource.rb | 6 | ||||
-rw-r--r-- | spec/unit/config_spec.rb | 4 |
4 files changed, 14 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d3b4d82d21..e5b7532632 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -133,6 +133,7 @@ to be able to configure these settings on the bootstrapped node.
 * Add partial_search dsl method to Chef::Search::Query, add result filtering to search.
 * Transfer trusted certificates under :trusted_certs_dir during bootstrap.
+* Set :ssl_verify_mode to :verify_peer by default.
 ## Last Release: 11.14.2
diff --git a/lib/chef/config.rb b/lib/chef/config.rb
index 1963a95aab..74607e8368 100644
--- a/lib/chef/config.rb
+++ b/lib/chef/config.rb
@@ -331,10 +331,11 @@ class Chef
 default :ssl_client_cert, nil
 default :ssl_client_key, nil
- # Whether or not to verify the SSL cert for all HTTPS requests. If set to
- # :verify_peer, all HTTPS requests will be validated regardless of other
- # SSL verification settings.
- default :ssl_verify_mode, :verify_none
+ # Whether or not to verify the SSL cert for all HTTPS requests. When set to
+ # :verify_peer (default), all HTTPS requests will be validated regardless of other
+ # SSL verification settings. When set to :verify_none no HTTPS requests will
+ # be validated.
+ default :ssl_verify_mode, :verify_peer
 # Whether or not to verify the SSL cert for HTTPS requests to the Chef
 # server API. If set to `true`, the server's cert will be validated
diff --git a/spec/support/shared/functional/file_resource.rb b/spec/support/shared/functional/file_resource.rb
index 804830fcdc..72b72912bd 100644
--- a/spec/support/shared/functional/file_resource.rb
+++ b/spec/support/shared/functional/file_resource.rb
@@ -284,6 +284,7 @@ shared_examples_for "a file resource" do
 before do
 Chef::Config[:why_run] = true
+ Chef::Config[:ssl_verify_mode] = :verify_none
 end
 after do
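Review bot: The closing sentence of the new comment in lib/chef/config.rb, "When set to :verify_none no HTTPS requests will be validated", looks at odds with the context comment just below it, which says the Chef server's cert will be validated when the API-cert setting is `true`. That comment continues outside the hunk, so the interaction is inferred. I would reword the sentence to something like `# SSL verification settings. When set to :verify_none, certificates are only checked where a more specific setting requires it.` Because this flips the default for every existing install, the comment is also the natural place to say how to trust a private or self-signed CA (the page mentions `:ssl_ca_path` and `:trusted_certs_dir`), so operators who hit verification failures after upgrading fix trust instead of switching back to :verify_none.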
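Review bot: The `before` hook added at -284 in spec/support/shared/functional/file_resource.rb sets `Chef::Config[:ssl_verify_mode] = :verify_none`, and nothing in the visible hunks puts it back, so the weakened setting can leak into later examples; the hooks added at -333 and -363 have the same gap. The `after do` block that follows the first hook starts at the edge of the hunk, so a reset may exist outside it; if not, add `Chef::Config[:ssl_verify_mode] = :verify_peer` to an `after` block in each group. A one-line comment such as `# functional specs fetch from a local test server without a trusted cert` (adjusted to the real reason) would explain why verification is off, and would help limit it to the examples that make HTTPS requests. The leak matters for spec/unit/config_spec.rb too, whose new assertion of the :verify_peer default only holds if the global config is at its defaults when it runs.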
@@ -333,6 +334,10 @@ shared_examples_for "file resource not pointing to a real file" do
 !symlink?(file_path) && File.file?(file_path)
 end
+ before do
+ Chef::Config[:ssl_verify_mode] = :verify_none
+ end
+
 describe "when force_unlink is set to true" do
 it ":create unlinks the target" do
 real_file?(path).should be_false
@@ -363,6 +368,7 @@ shared_examples_for "a configured file resource" do
 before do
 Chef::Log.level = :info
+ Chef::Config[:ssl_verify_mode] = :verify_none
 end
 # note the stripping of the drive letter from the tmpdir on windows
diff --git a/spec/unit/config_spec.rb b/spec/unit/config_spec.rb
index af71c43b77..41411669e6 100644
--- a/spec/unit/config_spec.rb
+++ b/spec/unit/config_spec.rb
@@ -242,8 +242,8 @@ describe Chef::Config do
 Chef::Config[:file_backup_path].should == backup_path
 end
- it "Chef::Config[:ssl_verify_mode] defaults to :verify_none" do
- Chef::Config[:ssl_verify_mode].should == :verify_none
+ it "Chef::Config[:ssl_verify_mode] defaults to :verify_peer" do
+ Chef::Config[:ssl_verify_mode].should == :verify_peer
 end
 it "Chef::Config[:ssl_ca_path] defaults to nil" do |