Code review comment for lp:~gz/juju-core/1.16_ssl_verification_bootstrap_state_1268913
Revision history for this message
| Andrew Wilkins (axwalk) wrote | # |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
On 2014/01/29 07:53:19, axw wrote:
> On 2014/01/27 18:11:55, gz wrote:
> > Please take a look.
> "On trunk, I don't see why ClientTLS shouldn't be switched
> to just use https all the time."
> I suppose we could just use HTTPS, but disable host key verification.
The
> certificate isn't known to clients other than management nodes/CLI.
William pointed out to me that actually, yes, we do have the (public) CA
cert. So we could indeed use HTTPS all the time. It would require us to
somehow get the cert into cloud-init so wget can use it when fetching
tools, and to use it when fetching from storage generally.
https:/