Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

have a global default flag for trusting certificates #8975

Closed
maxandersen opened this issue Apr 30, 2020 · 3 comments · Fixed by #9855
Closed

have a global default flag for trusting certificates #8975

maxandersen opened this issue Apr 30, 2020 · 3 comments · Fixed by #9855
Labels
kind/enhancement New feature or request
Milestone
1.11.0.Beta1

Comments

@maxandersen
Copy link
Member

Description
Today we (so far) have the following properties to indicate if a certain extension should trust-all extension.

quarkus.oidc.tls.verification
quarkus.vault.tls.skip-verify
quarkus.kubernetes-client.trust-certs
quarkus.mailer.trust-all
quarkus.vertx.eventbus.trust-all

That feels maddening :)

Suggestion is two-fold:

  1. have one global property that all of these uses as default.
  2. deprecate the above names and use the basename, i.e. "trust-all" so when searching you can find all the places you can tweak if you want to.
@maxandersen maxandersen added the kind/enhancement New feature or request label Apr 30, 2020
@sberyozkin
Copy link
Member

trust-all sounds good. Though it is only a leaf property, I suppose we should encourage OIDC users to do quarkus.oidc.tls.trust-all as trust-all only makes sense in scope of TLS and there will be more TLS specific properties. Proposal is to have tls.trust-all for all the extensions.

@glefloch
Copy link
Member

@maxandersen, I would be interested to work on this. Regarding the name of the key, would quarkus.tls.trust-all be ok ?

@maxandersen
Copy link
Member Author

I think so - but i think we'll finally know better when we got a PR to look and touch it ;) the good thing is that once we get this cleaned up adjusting the final names should be fairly easy i hope!

and thanks @glefloch for taking this one up and sorry for delay in response!

@glefloch glefloch mentioned this issue Jun 8, 2020
Merged
@glefloch glefloch mentioned this issue Sep 25, 2020
Closed
@ghost ghost added this to the 1.11 - master milestone Nov 19, 2020
@maxandersen maxandersen mentioned this issue Feb 4, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement New feature or request
Projects
None yet
Milestone
1.11.0.Beta1
Development

Successfully merging a pull request may close this issue.

Add global quarkus.tls.trust-all configuration property glefloch/quarkus
3 participants
@maxandersen @sberyozkin @glefloch