Pivotal has a lot of enterprise customers who have proxies which perform SSL re-encryption, which is like an authorized man-in-the-middle (MITM). Most companies do this to ensure their employees aren't downloading viruses, browsing illegal content, etc., so it's a common use case.
This was an easily solvable problem when the CLI had support for --skip-ssl-validation, but then created a new security risk. This PR adds a new flag in pivotal-cf/pivnet-cli, --root-ca, which allows for a customer to pass in their company's root CA, so the SSL connection is validated.
depends on pivotal-cf/go-pivnet#24
Signed-off-by: Mike Lloyd mike@reboot3times.org
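The trust model described above, as an added Go example that is not code from this PR or from pivnet-cli: a client that keeps certificate verification on and adds a supplied root CA to the system roots, checked against a local TLS server standing in for the re-encrypting proxy. The names `clientWithRootCA` and `probe` are hypothetical, and the server and its certificate are constructed for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientWithRootCA trusts the system roots plus the PEM bundle a --root-ca
// style flag would read from disk. Verification stays enabled.
func clientWithRootCA(rootCAPEM []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system store: start empty
	}
	if !pool.AppendCertsFromPEM(rootCAPEM) {
		return nil, errors.New("root CA bundle contains no usable certificate")
	}
	tlsCfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: tlsCfg}}, nil
}

// probe: a local TLS server (constructed) whose CA the system store does not know.
func probe() (defaultErr, withCAErr error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	if resp, err := http.Get(srv.URL); err != nil {
		defaultErr = err // expected: certificate signed by unknown authority
	} else {
		resp.Body.Close()
	}
	client, err := clientWithRootCA(caPEM)
	if err != nil {
		return defaultErr, err
	}
	if resp, err := client.Get(srv.URL); err != nil {
		withCAErr = err
	} else {
		resp.Body.Close()
	}
	return defaultErr, withCAErr
}

func main() { fmt.Println(probe()) }
```

Rejecting a bundle that contains no parsable certificate matters here: failing closed on a bad file avoids silently running with only the system roots and then prompting users to reach for the skip-validation workaround.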