mirror of https://github.com/hashicorp/consul
Merge pull request #14231 from hashicorp/jkirschner-hashicorp-patch-4
docs: fix broken markdown
pull/14145/head
commit
ff068616bc
|
@ -1998,7 +1998,7 @@ specially crafted certificate signed by the CA can be used to gain full access t
|
||||||
Certificate Authority from the [`ca_file`](#tls_defaults_ca_file) or
|
Certificate Authority from the [`ca_file`](#tls_defaults_ca_file) or
|
||||||
[`ca_path`](#tls_defaults_ca_path). By default, this is false, and Consul
|
[`ca_path`](#tls_defaults_ca_path). By default, this is false, and Consul
|
||||||
will not make use of TLS for outgoing connections. This applies to clients
|
will not make use of TLS for outgoing connections. This applies to clients
|
||||||
and servers as both will make outgoing connections. This setting *does not*
|
and servers as both will make outgoing connections. This setting does not
|
||||||
apply to the gRPC interface as Consul makes no outgoing connections on this
|
apply to the gRPC interface as Consul makes no outgoing connections on this
|
||||||
interface.
|
interface.
|
||||||
|
|
||||||
|
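Review bot: On the changed line "This setting does not apply to the gRPC interface", the emphasis on "does not" is dropped rather than repaired. The gRPC exclusion is the caveat in this paragraph a reader is most likely to miss when turning on TLS for outgoing connections, so if `*does not*` was the markup that rendered incorrectly, consider an emphasis form that does render (for example `**does not**`) instead of removing it. The commit message says only "fix broken markdown" and does not say which markup was broken, which makes the fix hard to confirm from the diff alone.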
@ -2071,7 +2071,9 @@ specially crafted certificate signed by the CA can be used to gain full access t
|
||||||
set to true, Consul verifies the TLS certificate presented by the servers
|
set to true, Consul verifies the TLS certificate presented by the servers
|
||||||
match the hostname `server.<datacenter>.<domain>`. By default this is false,
|
match the hostname `server.<datacenter>.<domain>`. By default this is false,
|
||||||
and Consul does not verify the hostname of the certificate, only that it
|
and Consul does not verify the hostname of the certificate, only that it
|
||||||
is signed by a trusted CA. This setting *must* be enabled to prevent a
|
is signed by a trusted CA.
|
||||||
|
|
||||||
|
~> **Security Note:** `verify_server_hostname` *must* be set to true to prevent a
|
||||||
compromised client from gaining full read and write access to all cluster
|
compromised client from gaining full read and write access to all cluster
|
||||||
data *including all ACL tokens and Connect CA root keys*.
|
data *including all ACL tokens and Connect CA root keys*.
|
||||||
|
|
||||||
|
|
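Review bot: The new `~> **Security Note:**` callout keeps `*must*` and `*including all ACL tokens and Connect CA root keys*` in asterisk emphasis, while the earlier hunk strips the same markup from `*does not*`; please confirm the emphasis renders inside the callout, or use one convention in both places. The unchanged sentence above it still reads "By default this is false", so the callout could also say that the default leaves hostname verification off, which keeps the requirement and the insecure default together in the one note operators will read.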