[pve-devel] [PATCH manager] ui: storage: esxi: check 'skip certificate verification' by default

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Mar 21 18:07:08 CET 2024


On 20/03/2024 16:39, Dominik Csapak wrote:
> needing one less step when adding the storage, assuming most esxi
> certificates are self-signed.

Well this makes it insecure by default though? Which is not something
I'd just not mention in such a commit message...

As that was the original reason I ticked it in the first place
when pondering between security and convenience...

If we do this I'd rather rename it to "Check Certificate" and have
that unticked.

Even better would be to be able to pass a finger-print, which was our
first idea, but Wolfgang found that the esxi python wrapper is to
enterprisy to hook into basic TLS validation, and he also rejected
proxying..




More information about the pve-devel mailing list