diff options
author | Emmanuel Vasilakis <mrzammler@mm.st> | 2022-11-03 16:22:39 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-03 16:22:39 +0200 |
commit | a41ba6db5a55a879cc3f49524eca5a4f6ecf7fe0 (patch) | |
tree | 053c6a479bc02475fc592c827e113814fb0d9363 /streaming | |
parent | a19795e85fd1d026171661c7f97bde8f9f7d0b1a (diff) |
Setup default certificates path (#13941)
* setup default certificates path
* change logic
* change default in stream.conf
Diffstat (limited to 'streaming')
-rw-r--r-- | streaming/rrdpush.c | 4 | ||||
-rw-r--r-- | streaming/stream.conf | 17 |
2 files changed, 11 insertions, 10 deletions
diff --git a/streaming/rrdpush.c b/streaming/rrdpush.c index b015985e6a..5764f64899 100644 --- a/streaming/rrdpush.c +++ b/streaming/rrdpush.c @@ -140,8 +140,8 @@ int rrdpush_init() { } } - netdata_ssl_ca_path = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "CApath", "/etc/ssl/certs/"); - netdata_ssl_ca_file = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "CAfile", "/etc/ssl/certs/certs.pem"); + netdata_ssl_ca_path = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "CApath", NULL); + netdata_ssl_ca_file = appconfig_get(&stream_config, CONFIG_SECTION_STREAM, "CAfile", NULL); #endif return default_rrdpush_enabled; diff --git a/streaming/stream.conf b/streaming/stream.conf index cfaf7ebe7b..cbaab1919e 100644 --- a/streaming/stream.conf +++ b/streaming/stream.conf @@ -40,17 +40,18 @@ #ssl skip certificate verification = yes # Certificate Authority Path - # OpenSSL has a default directory where the known certificates are stored, - # case it is necessary it is possible to change this rule using the variable - # "CApath" - #CApath = /etc/ssl/certs/ + # OpenSSL has a default directory where the known certificates are stored. + # In case it is necessary, it is possible to change this rule using the variable + # "CApath", e.g. CApath = /etc/ssl/certs/ + # + #CApath = # Certificate Authority file - # When the Netdata parent has certificate, that is not recognized as valid, - # we can add this certificate in the list of known certificates in CApath - # and give for Netdata as argument. + # When the Netdata parent has a certificate that is not recognized as valid, + # we can add it to the list of known certificates in "CApath" and give it to + # Netdata as an argument, e.g. CAfile = /etc/ssl/certs/cert.pem # - #CAfile = /etc/ssl/certs/cert.pem + #CAfile = # The API_KEY to use (as the sender) api key = |