Hey,
Is it possible to completely ignore SSL errors when using the remote_file resource in a recipe? After doing some searching, I’ve found that you can append a self signed cert to /opt/chef/embedded/ssl/certs/cacert.pem to make it trusted, however sometimes there is a case when certificates are flat out wrong or outdated and it’d be good if I could ignore SSL errors completely in those scenarios.
remote_file 'https://someaddress.com/file.txt' do
path "C:\file.txt"
action :create
end
Running the above with a failing SSL cert ends with the following:
[2015-10-26T06:40:14-07:00] ERROR: SSL Validation failure connecting to host: someaddress.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
================================================================================
Error executing action `create` on resource 'remote_file[https://someaddress.com/file.txt]'
================================================================================
OpenSSL::SSL::SSLError
----------------------
SSL_connect returned=1 errno=0 state=error: certificate verify failed
Running handlers:
[2015-10-26T06:40:14-07:00] ERROR: Running exception handlers
Running handlers complete
[2015-10-26T06:40:14-07:00] ERROR: Exception handlers complete
Chef Client failed. 1 resources updated in 18 seconds
[2015-10-26T06:40:14-07:00] FATAL: Stacktrace dumped to C:/Users/vagrant/AppData/Local/Temp/kitchen/cache/chef-stacktrace.out
[2015-10-26T06:40:14-07:00] FATAL: OpenSSL::SSL::SSLError: remote_file[https://someaddress.com/file.txt] (cookbook::windows line 50) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
Thanks
Kieran