concourse / concourse-bosh-release

Concourse BOSH release
Apache License 2.0

add godebug configs #133

Closed xtremerui closed 3 years ago

xtremerui commented 3 years ago

fixes #127

Alternatively, if we want to limit the debug flags option, we could do something like

if enable_godebug_cn_matching GODEBUG: x509ignoreCN=0

to hardcode the name/value pair. WDYT?

xtremerui commented 3 years ago

bumping @clarafu

clarafu commented 3 years ago

Hm, I'm going to pull in @vito as the PM here for some insight, because my initial reaction is that this additional flag is added just so that someone that has an outdated certificate is trying to continue using it even though it is no longer supported. I'm just hesitant on adding flags to temporarily fix one person's use case, when it can be solved through generating a proper cert. But I also have very little knowledge of certificates, AD servers, etc., and if this will be a more widespread problem that many of our users will run into, so I could be totally wrong.

xtremerui commented 3 years ago

Totally agree, I came to a PR recently, https://github.com/concourse/docker-image-resource/pull/317, which also adds the same env var for Go 1.15.

We should come up with a more systematic way to allow folks to ignore the warning (indeed there is a case where the cert is out of their control).

vito commented 3 years ago

This is kind of annoying but it seems reasonable to allow this for now just so folks aren't blocked on things outside of their control. 👍

@xtremerui I wouldn't go as far as proactively adding a param for this everywhere - I think it's better for folks to run into it first so they know that something needs to be done. At least with the Helm chart users won't be blocked because you can always add the env var yourself after generating the template.

I'm not keen to add this in to all the resource types, either - that's a lot of churn for something that's deprecated. I'm more inclined to have folks build their own forks instead until they can fix their certs.