Dvc: s3 and compatible: add a config option to support validate_certs

Created on 6 Mar 2020  路  4Comments  路  Source: iterative/dvc

Similar to use_ssl, we should probably provide a config for this.

More context here - https://discordapp.com/channels/485586884165107732/485596304961962003/685129104214851595

enhancement good first issue p2-medium
Source
picture shcheklein

Most helpful comment

No. It's just that, when you are providing custom cert, it'll still be validated. But, if the validation is entirely disabled, you are trusting anything. So, providing custom certs is more secure.

Of course, we should also support disabling validation of certs.

picture skshetry on 6 Mar 2020
👍2

All 4 comments

We should provide this option, but it's better if user explicitly provided their custom certs via (AWS_CA_BUNDLE) (need to check though if it really works).

skshetry picture skshetry on 6 Mar 2020

I think both options complement each other, don't see any contradiction. The same as boto probably supports both, as far as I understand. Do you have any specific concerns, @skshetry ?

shcheklein picture shcheklein on 6 Mar 2020

No. It's just that, when you are providing custom cert, it'll still be validated. But, if the validation is entirely disabled, you are trusting anything. So, providing custom certs is more secure.

Of course, we should also support disabling validation of certs.

skshetry picture skshetry on 6 Mar 2020
👍2

We should provide this option, but it's better if user explicitly provided their custom certs via (AWS_CA_BUNDLE) (need to check though if it really works).

I can confirm that this does work, that's what I'm doing at the moment

charlesbaynham picture charlesbaynham on 6 Mar 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

luchoPipe87 picture luchoPipe87  路  69Comments
Suor picture Suor  路  39Comments
Casyfill picture Casyfill  路  56Comments
shcheklein picture shcheklein  路  36Comments
ynop picture ynop  路  41Comments