Wanna have "ssl_verify_mode" option during building up dockerfile

chef-boneyard / knife-container

DEPRECATED: Container support for Chef's Knife Command

Apache License 2.0

57 stars 11 forks source link

Wanna have "ssl_verify_mode" option during building up dockerfile #30

Closed chrisduong closed 10 years ago

chrisduong commented 10 years ago

Hi,

I think it is useful, since I'm using self-signed cert for my Chef Server. Thanks

tduffield commented 10 years ago

I will accept this as an enhancement request. However, the default that is selected is the more secure option and I have verified that it will work with self-signed certificates.

tduffield commented 10 years ago

After giving it some more thought, I am going to pass on this enhancement. I want to try and keep the number of CLI options fairly clean so I am going to continue enforce the recommended default of :verify_peer. If you are using self-signed certs you should follow the instructions here which explains how to use the trusted_certs directory with self-signed certs. The current version of knife-container will already copy the trusted_certs directory into your context if it exists.