You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've tried locally this is feasible. Open up this issue to discuss whether we should do this.
Background:
For all the MPG client and some DPG client that using oauth2, .net SDK has a policy that "the protocol must be https". I think java has the same problem but not sure if other languages have.
When I try to bypass this check, there are some subsequent issues. So we are thinking changing cadl-ranch from "http" to "https", which means we need certificate. A self-signed certificate is the easiest way. Question is where we put this certificate:
Option 1
In the source code of cadl-ranch. Cons: I'm not sure if it violates any compliance, since it contains private key, though we really don't care about the privacy of this certificate.
Option 2
Every time we start the server, we call a script somewhere to generate this certificate. Cons: needs to install openssl in the build agent, and generating a cert might cost several seconds.
Impacts for the client
At least for .net client, there will be a certificate check for each call. We need to bypass this check because the certificate is self-signed. If other languages have this check too, they need to bypass it as well.
The text was updated successfully, but these errors were encountered:
I've tried locally this is feasible. Open up this issue to discuss whether we should do this.
Background:
For all the MPG client and some DPG client that using
oauth2
, .net SDK has a policy that "the protocol must be https". I think java has the same problem but not sure if other languages have.When I try to bypass this check, there are some subsequent issues. So we are thinking changing cadl-ranch from "http" to "https", which means we need certificate. A self-signed certificate is the easiest way. Question is where we put this certificate:
Option 1
In the source code of cadl-ranch. Cons: I'm not sure if it violates any compliance, since it contains private key, though we really don't care about the privacy of this certificate.
Option 2
Every time we start the server, we call a script somewhere to generate this certificate. Cons: needs to install openssl in the build agent, and generating a cert might cost several seconds.
Impacts for the client
At least for .net client, there will be a certificate check for each call. We need to bypass this check because the certificate is self-signed. If other languages have this check too, they need to bypass it as well.
The text was updated successfully, but these errors were encountered: