Allow ability to turn off curl's verification of the certificate
ZhongRabbit opened this issue · 4 comments
Describe Request:
Allow the ability to add "-k" flag to curl command will be very useful.
https://github.com/CircleCI-Public/slack-orb/blob/main/src/scripts/notify.sh#L55
We currently use convox/slack Docker image for production deployment. This Docker image has expired certificates as of today, preventing critical production pipelines.
By default we'd of course allow curl's default behavior of verifying certs. But I'm thinking setting a env var "TURN_OFF_CERT_VERIFICATION" will trigger this behavior.
+1 to this, this is affecting our builds as well
We fixed by updating the base docker image where we used this orb. The updated base image had updated certs => no longer seeing curl 60 issues
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.```
How to solve this issue?
+1 to this, this is affecting our builds as wellWe fixed by updating the base docker image where we used this orb. The updated base image had updated certs => no longer seeing curl 60 issues
Thanks for the suggestion folks. In the pursuit of keeping the orb easy to use and limiting the number of extra flags and documentation, I am going to mark this item as won't_do. We recommend updating the image to contain a compatible version of Curl with valid root certs. We want to minimalize how much this orb needs to manage its dependencies.