TLS was not being verified in a number of places: - connections to grafana.com - connections to OAuth providers when TLS client authentication was enabled - connections to self-hosted Grafana installations when using the CLI tool TLS should always be verified unless the user explicitly enables an option to skip verification. Removes some instances where `InsecureSkipVerify` is explicitly set to `false`, the default, to help avoid confusion and make it more difficult to regress on this fix by accident. Adds a `--insecure` flag to `grafana-cli` to skip TLS verification. Adds a `tls_skip_verify_insecure` setting for OAuth. Adds a `app_tls_skip_verify_insecure` setting under a new `[plugins]` section. I'm not super happy with the way the global setting is used by `pkg/api/app_routes.go` but that seems to be the existing pattern used.
Name |
Last commit
|
Last Update |
---|---|---|
.. | ||
api | Loading commit data... | |
bus | Loading commit data... | |
cmd | Loading commit data... | |
components | Loading commit data... | |
events | Loading commit data... | |
log | Loading commit data... | |
login | Loading commit data... | |
metrics | Loading commit data... | |
middleware | Loading commit data... | |
models | Loading commit data... | |
plugins | Loading commit data... | |
services | Loading commit data... | |
setting | Loading commit data... | |
social | Loading commit data... | |
tracing | Loading commit data... | |
tsdb | Loading commit data... | |
util | Loading commit data... |