Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update transport cert verification to full #2659

Merged
merged 3 commits into from
Mar 5, 2020

Conversation

anyasabo
Copy link
Contributor

@anyasabo anyasabo commented Mar 3, 2020

We can use full certificate verification for the transport layer since users cannot modify the transport certs, and we issue certificates for each pod. We do not have any open issues to allow users to modify the transport certs, and if we decide to change course later we can roll back this change pretty easily.

Also clarifies why we use our own cert validation for the ES HTTP client, since we do not need it when we manage certificates and it was confusing for me until dear @nkvoll pointed it out.

@anyasabo anyasabo added >enhancement Enhancement of existing functionality v1.1.0 labels Mar 3, 2020
@anyasabo anyasabo requested review from nkvoll and pebrc March 3, 2020 15:48
@anyasabo anyasabo merged commit 5c24936 into elastic:master Mar 5, 2020
@anyasabo anyasabo deleted the fullcert branch March 5, 2020 20:35
@pebrc pebrc added >non-issue and removed >enhancement Enhancement of existing functionality labels Apr 21, 2020
@pebrc
Copy link
Collaborator

pebrc commented Apr 21, 2020

Reverted in #2831 (thus >non-issue)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants