Enable Bitbucket TLS by default #111

Open
greenyouse opened this issue Mar 27, 2020 · 2 comments

@greenyouse
Contributor

greenyouse commented Mar 27, 2020

I was working with deploying this against a Bitbucket data center setup but ran into a snag with TLS verification being disabled. This could open up man-in-the-middle attacks for larger organizations. Would it make sense to have this enabled by default since most users would have a server with a valid certificate?

Maybe there could be a flag to disable the TLS authentication so it is still usable without a certificate?

The main downside is that this would be a breaking change if someone depends on that and updates to the latest version of zoekt. To help with the breaking change, the new code could print out an error message to call out the disable TLS flag which the user should pass in their mirror_config.
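
A sketch of the behaviour proposed in this issue, added here as an example and not taken from zoekt's code: certificate verification stays on unless an opt-out flag is passed, and a verification failure names that flag. The flag name `-disable-tls`, the `roots` parameter and the functions `newClient`, `explain` and `probe` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"flag"
	"fmt"
	"net/http"
	"os"
)

// newClient verifies server certificates unless disableTLS is set.
// roots may be nil (system trust store) or a pool holding an internal CA.
func newClient(disableTLS bool, roots *x509.CertPool) *http.Client {
	cfg := &tls.Config{RootCAs: roots, InsecureSkipVerify: disableTLS}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// explain appends a hint to certificate verification failures so that users
// who relied on the old behaviour learn about the (hypothetical) opt-out flag.
func explain(err error) error {
	var ua x509.UnknownAuthorityError
	var hn x509.HostnameError
	var ci x509.CertificateInvalidError
	if errors.As(err, &ua) || errors.As(err, &hn) || errors.As(err, &ci) {
		return fmt.Errorf("%w; fix or trust the server certificate, or pass -disable-tls to skip verification", err)
	}
	return err
}

// probe makes one request and returns any error, with the hint attached.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return explain(err)
	}
	return resp.Body.Close()
}

func main() {
	disable := flag.Bool("disable-tls", false, "skip TLS certificate verification")
	flag.Parse()
	if err := probe(newClient(*disable, nil), flag.Arg(0)); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Passing a pool that contains the organization's internal CA as `roots` keeps verification on for servers without a publicly trusted certificate, which leaves the opt-out flag as a last resort.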

@hanwen
Contributor

hanwen commented Mar 28, 2020

I agree with you, and I didn't notice during review. Yes, this should be disabled. Send a change? (see CONTRIBUTING)

@greenyouse
Contributor Author

Sure, I can get started on a patch. I haven't worked with Go very much but this change sounds straightforward. I'll give it a shot today.
