Is it possible to disable SSL certificate verification for object storage? #3250
-
Hi! 👋 Thanks in advance. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
Hi @dveselov ! Currently this is not possible. lakeFS uses the golang TLS (SSL) client, and it does not add an option to set its You can always communicate over an insecure channel by providing the endpoint for underlying storage using protocol You can open an issue to set My personal opinion starts hereAs motivation for providing this use case (and bearing in mind that I do not make these decisions alone!), I would like to explain why I would be opposed to doing this. The documentation for this option specifically says:
and I entirely agree. There are very few real-life networking situations where unverified TLS provides any real improvement to security over plaintext. |
Beta Was this translation helpful? Give feedback.
-
How to make it work ? |
Beta Was this translation helpful? Give feedback.
Hi @dveselov !
Currently this is not possible. lakeFS uses the golang TLS (SSL) client, and it does not add an option to set its
InsecureSkipVerify
option. Also, AFAIK that client does not support an environment variable to switch off certificate verification; see comments by the Go developers on an issue to add just that.You can always communicate over an insecure channel by providing the endpoint for underlying storage using protocol
http
rather thanhttps
; for instance that is done in all our tests that use a MinIO running locally.You can open an issue to set
InsecureSkipVerify
! If you do so, please include a good use-case.My personal opinion starts here
As motivation for providing …