backend/http: add ca_file support for custom CA trust #38024
vincent-turato wants to merge 2 commits into hashicorp:main from
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement. Learn more about why HashiCorp requires a CLA and what the CLA includes. Have you signed the CLA already but the status is still pending? Recheck it.
@vincent-turato Thanks for this submission! To set expectations appropriately, please check out this section of the contribution guide: https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md#state-storage-backends -- specifically, we likely will not accept contributions to the A hard requirement for review is to sign the CLA. Please do so when you get a chance. Thanks!
Summary
Add support for configuring a custom CA certificate bundle for the HTTP backend using a new ca_file option (and TF_HTTP_CA_FILE). This allows TLS certificate verification with private or internal CAs without disabling verification.
Fixes #36937
Changes
ca_file/TF_HTTP_CA_FILE backend option
Target Release
1.15.x
Changes to Security Controls
Yes. This change improves TLS security by allowing users to configure a trusted CA bundle for the HTTP backend. This enables proper server certificate verification in environments that use private or internal certificate authorities, reducing the need to disable TLS verification via skip_cert_verification. No existing security controls are removed or weakened.
CHANGELOG entry
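
The trust model the description refers to, sketched in Go as an added example (not code from this PR or from Terraform): a client whose root pool is loaded from a CA file verifies a server signed by a private CA, while the default trust store rejects it, with no need to skip verification. `clientWithCAFile` and `demo` are hypothetical names, the server certificate is a constructed test fixture, and trusting only the bundle instead of merging it with the system roots is an assumption.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// clientWithCAFile (hypothetical helper) trusts only the PEM bundle at caFile; it fails closed on a bad bundle.
func clientWithCAFile(caFile string) (*http.Client, error) {
	pemBytes, err := os.ReadFile(caFile)
	if err != nil {
		return nil, fmt.Errorf("reading ca_file: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("ca_file %q: no PEM certificates found", caFile)
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}, nil
}

// demo runs a TLS server with an untrusted, constructed certificate and reports which clients verify it.
func demo(caFile string) (defaultOK, caFileOK bool, err error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	if err = os.WriteFile(caFile, pemBytes, 0o600); err != nil {
		return false, false, err
	}
	defer os.Remove(caFile)
	client, err := clientWithCAFile(caFile)
	if err != nil {
		return false, false, err
	}
	_, errDefault := http.Get(srv.URL) // system roots only: unknown authority
	resp, errCA := client.Get(srv.URL) // roots from the CA file: verifies
	if errCA == nil {
		resp.Body.Close()
	}
	return errDefault == nil, errCA == nil, nil
}

func main() {
	fmt.Println(demo("example-ca.pem"))
}
```

A bundle that parses to zero certificates is treated as a configuration error here, so a typo in the file cannot silently change which roots are trusted.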