You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ziti edge login with the --ca option always fails when run non-interactively if the OS happens to be configured to trust the mgmt API server certificate by way of system-wide trust store(s).
It doesn't seem useful to guard against the scenario where the mgmt API server cert happens to be trusted more than once, e.g., by the OS trust store and by the trust bundle specified in the --ca option, and this confirmation prompt always breaks non-interactive login when that is the case.
The text was updated successfully, but these errors were encountered:
ziti edge loginwith the--caoption always fails when run non-interactively if the OS happens to be configured to trust the mgmt API server certificate by way of system-wide trust store(s).The
--yesoption will override the interactive y/n prompt that's presented in https://github.com/openziti/ziti/blob/main/ziti/cmd/edge/login.go#L276, but this has the undesirable effect of also trusting malicious server certificates.It doesn't seem useful to guard against the scenario where the mgmt API server cert happens to be trusted more than once, e.g., by the OS trust store and by the trust bundle specified in the
--caoption, and this confirmation prompt always breaks non-interactive login when that is the case.The text was updated successfully, but these errors were encountered: