Merge pull request #14231 from hashicorp/jkirschner-hashicorp-patch-4

docs: fix broken markdown
pull/14145/head
Jared Kirschner 2022-08-18 14:30:22 -04:00 committed by GitHub
commit ff068616bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions

@ -1998,7 +1998,7 @@ specially crafted certificate signed by the CA can be used to gain full access t
Certificate Authority from the [`ca_file`](#tls_defaults_ca_file) or Certificate Authority from the [`ca_file`](#tls_defaults_ca_file) or
[`ca_path`](#tls_defaults_ca_path). By default, this is false, and Consul [`ca_path`](#tls_defaults_ca_path). By default, this is false, and Consul
will not make use of TLS for outgoing connections. This applies to clients will not make use of TLS for outgoing connections. This applies to clients
and servers as both will make outgoing connections. This setting *does not* and servers as both will make outgoing connections. This setting does not
apply to the gRPC interface as Consul makes no outgoing connections on this apply to the gRPC interface as Consul makes no outgoing connections on this
interface. interface.
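Review bot: On the "This setting does not apply to the gRPC interface" line, the emphasis is removed outright rather than repaired, which goes beyond the "fix broken markdown" in the commit title. That sentence is a scope caveat for a setting that defaults to false, so if the `*does not*` markup was the part that failed to render, consider keeping the emphasis in a form that does render (for example `**does not**`). Otherwise, note in the commit message that the de-emphasis is intentional.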
@ -2071,7 +2071,9 @@ specially crafted certificate signed by the CA can be used to gain full access t
set to true, Consul verifies the TLS certificate presented by the servers set to true, Consul verifies the TLS certificate presented by the servers
match the hostname `server.<datacenter>.<domain>`. By default this is false, match the hostname `server.<datacenter>.<domain>`. By default this is false,
and Consul does not verify the hostname of the certificate, only that it and Consul does not verify the hostname of the certificate, only that it
is signed by a trusted CA. This setting *must* be enabled to prevent a is signed by a trusted CA.
~> **Security Note:** `verify_server_hostname` *must* be set to true to prevent a
compromised client from gaining full read and write access to all cluster compromised client from gaining full read and write access to all cluster
data *including all ACL tokens and Connect CA root keys*. data *including all ACL tokens and Connect CA root keys*.
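Review bot: Confirm that the new `~> **Security Note:**` line is separated from "is signed by a trusted CA." by a blank line. The hunk header grows from 7 to 9 lines, but only two new lines are visible in this view, so the third is presumably that blank line. Without it the callout would fold into the preceding paragraph and the warning would lose its prominence. Since the paragraph just above says "By default this is false", it would also help to state in the note itself that the default leaves hostname verification off, so a reader who lands on the callout sees both the requirement and the fact that it is not met out of the box.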