diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-06-02 17:49:20 +0300 |
|---|---|---|
| committer | Yuriy Andamasov <yuriy@vyos.io> | 2026-06-02 17:49:20 +0300 |
| commit | d0310ac0fba9d52d802160f61b662fca7601d060 (patch) | |
| tree | a6e28ae11148cb1c22d20885bce006bb02fb24a9 /interface-definitions/include/version/nat-version.xml.i | |
| parent | e238afbd6bc272b02b426f1b16fe8d16f6069c05 (diff) | |
| download | vyos-1x-fix/T8955-http-api-verify-tls.tar.gz vyos-1x-fix/T8955-http-api-verify-tls.zip | |
http-api-client: T8955: enable TLS verification by defaultfix/T8955-http-api-verify-tls
ApiClientConfig.verify_tls defaulted to False and ApiClient unconditionally
silenced urllib3's InsecureRequestWarning, so TLS peer verification was off by
default. The sole consumer, src/op_mode/config_sync.py, builds the client
without passing verify_tls and therefore connected to a *remote* secondary VyOS
node over HTTPS without verifying the certificate -- a MITM exposure on the
channel that carries the API key and the full configuration.
- ApiClientConfig.verify_tls now defaults to True and accepts Union[bool, str];
a string is forwarded to requests as a CA bundle path (verify=<path>).
- InsecureRequestWarning is suppressed only when verification is explicitly
disabled (verify_tls is False), not when a CA path or True is set.
- config_sync reads an optional verify_tls from the secondary runtime settings,
defaulting to False to preserve current behaviour for self-signed secondaries.
The insecurity is now explicit at the call site instead of hidden in the
library default. A first-class CLI knob (set service config-sync secondary
verify-tls / ca-certificate, with XML + migration) is the follow-up.
🤖 Generated by [robots](https://vyos.io)
Diffstat (limited to 'interface-definitions/include/version/nat-version.xml.i')
0 files changed, 0 insertions, 0 deletions
