Hi,
I want to create a dynamic backend in JS Compute service code.
What is the configuration for Do NOT check the certificate as shown below in the req.backend.connect_info vcl code [check_cert=0
]?
According to the enum Slots here, we have no such option.
Thanks.
v=1;name=n1AoGehkBnfnsJ9X4jWMD4--F_Host_1;ip=52.186.117.115;port=443;ssl=1;max=200;ka_ns=0;tka_s=300;tki_s=10;tkp=3;host=arikede.global.ssl.fastly.net;min_tls=;max_tls=;sni=;cert_host=52.186.117.115;ciphers=;check_cert=0;no_reneg=1;to_ns=1000000000;fbto_ns=15000000000;bbto_ns=10000000000
I think it is a bug of missing configuration.
Can you please check it internally?
@triblondon , @aspires
Thanks.
Hey @tchelet we’re checking, thanks for the bump
when you register a dynamic backend, you have the option to explicitly enable ssl for the backend. You can choose to not use useSSL: true if you just want a non-ssl connection. does that answer your question or did I misunderstand something?
Thanks for the response.
We use the useSSL:true
but don’t want to validate the certificate.
The requested missing configuration is equivalent to the check_cert==0
from the req.backend.connect_info
Hi,
Is there any news about this missing configuration? Are you going to address it?
Thanks.
Hi @tchelet we’re not actively pursuing this, as it reduces an aspect of security in the TLS connection.
Since it inevitably prompts the question around this setting in other places in the platform, I don’t have any insight on the VCL services side at the moment. However, we wouldn’t make a change to that platform without an extensive communication and migration plan.
Thanks, @aspires, for your response.
This flag is available under the origin backend configuration.
So, we would like to copy this configuration to the Dynamic backend configuration. That is all.
That’s a fair point. @tchelet would you be open to chatting more about what you’re building and the architectural details on a call? You can book me with this link whenever it’s convenient for you https://calendar.app.google/C5QrXPVf5KjGPmfs9
Hi @aspires ,
As discussed over Zoom, It seems like it blocks our solution.
What is the current status of this missing configuration?
Do you plan to handle it soon?
Thanks.
Hi @tchelet I put this into our triage queue for processing. I can’t speak accurately to when this will be pulled into our backlog, but if it is we’ll keep you up to date.
Hi @aspires,
Is there any news here? Did Fastly handle this FR?
Thanks.