Bug #18936

Download of OS specific kernel and initrd files should verify certificates

Added by Dominic Schlegel over 4 years ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: TFTP
Target version: -
Difficulty: trivial
Triaged: Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

The documentation https://theforeman.org/manuals/1.14/index.html#4.3.9TFTP mentions that the download of OS-specific kernel and initrd files does not verify certificates. In particular, step 5 of the workflow mentions the exact wget command:

wget --no-check-certificate -nv -c <src> -O "<destination>" 

I cannot imagine any reason why the option --no-check-certificate should be used. Therefore I suggest removing it.
If there is a valid use case, I suggest that the GUI offer a checkbox on the Installation Media detail page that turns the certificate check on or off.

Associated revisions

Revision 040da586 (diff)
Added by Anna Vitova 3 months ago

fixes #18936 - Check server certs in the TFTP module

History

#1 Updated by Dominic Cleal over 4 years ago

  • Project changed from Foreman to Smart Proxy
  • Category set to TFTP

#2 Updated by Lukas Zapletal 4 months ago

  • Triaged changed from No to Yes
  • Difficulty set to trivial

#3 Updated by Lukas Zapletal 4 months ago

Let's add a new tftp.yaml setting named "verify_server_cert", when true the "--no-check-certificate" argument will be used.

#5 Updated by Dominic Schlegel 4 months ago

Lukas Zapletal wrote:

Let's add a new tftp.yaml setting named "verify_server_cert", when true the "--no-check-certificate" argument will be used.

That naming is confusing me. Shouldn't it be when "verify_server_cert" is set to false that the "--no-check-certificate" should be added?

#6 Updated by Lukas Zapletal 3 months ago

Correct, typing on a call is hard :-)
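The semantics agreed on in comments #5 and #6, as an added example that is not the Smart Proxy code or the change in revision 040da586: certificate checking stays on unless "verify_server_cert" is explicitly the boolean false. The helper names and the sample settings are assumptions made for illustration; only the setting name and the wget flags come from this issue.

```ruby
require 'yaml'

# Hypothetical helper (not Smart Proxy code). Fail closed: a missing key
# means "verify", and only a real boolean is accepted, so a quoted string
# such as "false" cannot silently change the behaviour.
def verify_server_cert?(settings)
  value = settings.fetch('verify_server_cert', true)
  return value if value == true || value == false
  raise ArgumentError,
        "verify_server_cert must be true or false, got #{value.inspect}"
end

# Build the wget command from the issue description as an argv array.
# Passing an array (for example to Kernel#system) avoids shell parsing of
# the source URL and destination path.
def wget_argv(settings, src, destination)
  argv = ['wget']
  argv << '--no-check-certificate' unless verify_server_cert?(settings)
  argv + ['-nv', '-c', src, '-O', destination]
end

# Constructed sample settings; string keys are used here for simplicity.
SAMPLE_SETTINGS = {
  'setting absent'   => "enabled: true\n",
  'explicitly true'  => "enabled: true\nverify_server_cert: true\n",
  'explicitly false' => "enabled: true\nverify_server_cert: false\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_SETTINGS.each do |label, yaml_text|
    settings = YAML.safe_load(yaml_text)
    argv = wget_argv(settings, 'https://mirror.example.test/vmlinuz',
                     '/tmp/vmlinuz')
    puts "#{label}: #{argv.join(' ')}"
  end
end
```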

#7 Updated by The Foreman Bot 3 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/792 added

#8 Updated by Anna Vítová 3 months ago

  • Assignee set to Anna Vítová

#9 Updated by The Foreman Bot 3 months ago

  • Fixed in Releases 3.0.0 added

#10 Updated by Anonymous 3 months ago

  • Status changed from Ready For Testing to Closed
