luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Escape verify_server_hostname angle-brackets

This commit is contained in:
Jason Martin 2016-07-20 15:53:35 -07:00
parent 079eee932a
commit bda170a872
No known key found for this signature in database
GPG Key ID: B1E36C1CE754A822
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
website/source/docs/agent/options.html.markdown
View File

@ -782,7 +782,7 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
* <a name="verify_server_hostname"></a><a href="#verify_server_hostname">`verify_server_hostname`</a> - If set to * <a name="verify_server_hostname"></a><a href="#verify_server_hostname">`verify_server_hostname`</a> - If set to
true, Consul verifies for all outgoing connections that the TLS certificate presented by the servers true, Consul verifies for all outgoing connections that the TLS certificate presented by the servers
matches "server.<datacenter>.<domain>" hostname. This implies `verify_outgoing`. matches "server.&lt;datacenter&gt;.&lt;domain&gt;" hostname. This implies `verify_outgoing`.
By default, this is false, and Consul does not verify the hostname of the certificate, only By default, this is false, and Consul does not verify the hostname of the certificate, only
that it is signed by a trusted CA. This setting is important to prevent a compromised that it is signed by a trusted CA. This setting is important to prevent a compromised
client from being restarted as a server, and thus being able to perform a MITM attack client from being restarted as a server, and thus being able to perform a MITM attack