diff options
| author | danielsdeleo <dan@getchef.com> | 2014-03-21 16:07:02 -0700 |
|---|---|---|
| committer | danielsdeleo <dan@getchef.com> | 2014-03-24 12:17:03 -0700 |
| commit | ed0dc002f86ba2ea0a35b7f73f42397914e99e50 (patch) | |
| tree | 546d1347f678ce910cec2052242ae5141be42840 /DOC_CHANGES.md | |
| parent | 6eaaea33a61658bae7cc224cdd2eb0db74413efc (diff) | |
| download | chef-ed0dc002f86ba2ea0a35b7f73f42397914e99e50.tar.gz | |
Check SSL configuration once per client run.
We want to ensure users see this. Also add a longer description of the
risks of the verify_none setting and a pointer to `knife ssl check` for
troubleshooting help. The warning message looks like this:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.
To fix this issue add an entry like this to your configuration file:
```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
# OR, Verify only connections to chef-server
verify_api_cert true
```
To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:
```
knife ssl check -c /etc/chef/client.rb
```
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ** * * * *
Diffstat (limited to 'DOC_CHANGES.md')
0 files changed, 0 insertions, 0 deletions