Auto updated assets for go models and clients eng#3028
Auto updated assets for go models and clients eng#3028gurunath-avi wants to merge 2 commits intoengfrom
Conversation
Signed-off-by: gurunath-avi <gurunath-reddy.kambala@broadcom.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| return nil, err | ||
| } | ||
| avisess.transport = &http.Transport{ | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, |
Check failure
Code scanning / CodeQL
Disabled TLS certificate check High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the problem, we need to ensure that TLS certificate verification is enabled. This involves setting InsecureSkipVerify to false and properly configuring the certificates. If the certificates are not available or cannot be verified, the connection should fail rather than proceeding insecurely.
The best way to fix the problem without changing existing functionality is to remove the InsecureSkipVerify: true setting and ensure that the application uses valid certificates. This might involve loading the system's root CA certificates or specifying a custom CA certificate.
| @@ -376,3 +376,3 @@ | ||
| avisess.transport = &http.Transport{ | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, | ||
| TLSClientConfig: &tls.Config{}, | ||
| Proxy: http.ProxyURL(proxyURL), | ||
| @@ -381,3 +381,3 @@ | ||
| avisess.transport = &http.Transport{ | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, | ||
| TLSClientConfig: &tls.Config{}, | ||
| } |
| } | ||
| } else { | ||
| avisess.transport = &http.Transport{ | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, |
Check failure
Code scanning / CodeQL
Disabled TLS certificate check High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the problem, we need to ensure that TLS certificate verification is enabled. This can be done by setting InsecureSkipVerify to false or by removing the TLSClientConfig entirely if it is not needed. Additionally, we should ensure that the application is configured with the correct certificates to allow for proper verification.
The best way to fix the problem without changing existing functionality is to set InsecureSkipVerify to false and ensure that the application is using valid certificates. This change should be made in the go/session/avisession.go file, specifically on lines 377 and 382.
| @@ -376,3 +376,3 @@ | ||
| avisess.transport = &http.Transport{ | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: false}, | ||
| Proxy: http.ProxyURL(proxyURL), | ||
| @@ -381,3 +381,3 @@ | ||
| avisess.transport = &http.Transport{ | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, | ||
| TLSClientConfig: &tls.Config{InsecureSkipVerify: false}, | ||
| } |
Signed-off-by: gurunath-avi <gurunath-reddy.kambala@broadcom.com>
3 participants
No description provided.