Closed anders-larsson closed 9 months ago
To avoid breaking compatibility I'll change it to false by default instead of true. This will avoid us having to release a new major release until we have more breaking changes to do.
Haven't been able to figure out if it's possible to spec test options for OpenSSL yet though. Would probably be a nice addition to actually test whether it's enabled or not.
Tested this functionality with a real Puppet run. Works correctly to switch on TLS verification.
Previously OpenSSL::SSL::VERIFY_NONE was enabled by default. It really shouldn't be, to be honest. Added a parameter with default true (previous default would've been false if it existed). Probably requires a major release. It's either this or remove the "functionality" altogether (would regardless be a new major release I guess)? You really shouldn't do unverified TLS connections.
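An added example, not code from this pull request or the module it changes: one way to spec-test the OpenSSL option is to build the client without connecting and assert on its `verify_mode`. It assumes the connection is made with Ruby's `Net::HTTP`; the helper names and the `verify_tls` keyword are hypothetical.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical helper: builds an HTTPS client whose certificate verification
# follows a boolean parameter. The keyword is required, so every caller has
# to state its choice instead of inheriting a silent default.
def build_https_client(url, verify_tls:)
  uri = URI.parse(url)
  raise ArgumentError, "expected an https URL, got #{url}" unless uri.is_a?(URI::HTTPS)

  http = Net::HTTP.new(uri.host, uri.port) # no socket is opened until a request is made
  http.use_ssl = true
  http.verify_mode = verify_tls ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
  http
end

# True only when TLS is on and the peer certificate will be verified.
# A spec can call this on the configured client without any network access.
def tls_verified?(http)
  http.use_ssl? && http.verify_mode == OpenSSL::SSL::VERIFY_PEER
end

# Constructed sample endpoint; .invalid never resolves and is never contacted.
SAMPLE_URL = 'https://api.example.invalid/v1/status'

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |flag|
    client = build_https_client(SAMPLE_URL, verify_tls: flag)
    puts "verify_tls=#{flag} -> verified=#{tls_verified?(client)}"
  end
end
```

In an rspec suite the same assertions become `expect(client.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)` for the enabled case and `VERIFY_NONE` for the disabled one.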