On 09/10/2018 08:47, Paul Cuzner wrote:
Excellent.
Will this also work with self-signed, or would you simply specify
validate false?
The latter. The following for self-signed:
{ "tls": { "validate": false } }
In particular self-signed certificates do not have anything appropriate
to put under "authority" in order to make them validate.
Stef
On Tue, Oct 9, 2018 at 7:38 PM Stef Walter <swalter(a)redhat.com>
wrote:
>
> On 08/10/2018 22:24, Paul Cuzner wrote:> Hi,
>>
>> I can see in the docs that there is http based support for cockpit to
>> interact with HTTP endpoint, which works fine.
>>
>> Could anyone clarify the approach when the endpoint that the plugin
>> needs to interact with is https instead of http (I'm assuming most
>> REST interfaces will be secure at least over the wire!)?
>
> Whoops, looks like documentation for the HTTPS part of cockpit.http() is
> missing. I've opened a pull request to document each option:
>
>
https://github.com/cockpit-project/cockpit/pull/10249
>
> The pull request includes an example that looks something like this:
>
> http = cockpit.http({
> "address": "localhost",
> "headers": {
> "Authorization": "Basic dXNlcjpwYXNzd29yZA=="
> },
> "port": 443,
> "tls": {
> "validate": true,
> "authority": {
> "file": "/etc/pki/tls/certs/ca-bundle.crt",
> },
> "certificate": {
> "data": "-----BEGIN CERTIFICATE-----\nMIIDsDCCA..."
> },
> "key": {
> "data": "-----BEGIN RSA PRIVATE
KEY-----\nMIIEogIBA..."
> }
> }
> });
>
> Hope that helps,
>
> Stef
_______________________________________________
cockpit-devel mailing list -- cockpit-devel(a)lists.fedorahosted.org
To unsubscribe send an email to cockpit-devel-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/cockpit-devel@lists.fedoraho...