misc: add proper ssl verification for private certs

2025-07-11 12:11:38 +00:00 · 2025-02-25 18:42:49 +09:00
5 changed files with 3 additions and 5 deletions
--- a/backend/src/ee/services/dynamic-secret/providers/cassandra.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/cassandra.ts
@ -28,7 +28,7 @@ export const CassandraProvider = (): TDynamicProviderFns => {
  };
  const $getClient = async (providerInputs: z.infer<typeof DynamicSecretCassandraSchema>) => {
-    const sslOptions = providerInputs.ca ? { rejectUnauthorized: false, ca: providerInputs.ca } : undefined;
+    const sslOptions = providerInputs.ca ? { ca: providerInputs.ca } : undefined;
    const client = new cassandra.Client({
      sslOptions,
      protocolOptions: {
--- a/backend/src/ee/services/dynamic-secret/providers/elastic-search.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/elastic-search.ts
@ -30,7 +30,6 @@ export const ElasticSearchProvider = (): TDynamicProviderFns => {
        url: new URL(`${providerInputs.host}:${providerInputs.port}`),
        ...(providerInputs.ca && {
          ssl: {
            rejectUnauthorized: false,
            ca: providerInputs.ca
          }
        })
--- a/backend/src/ee/services/dynamic-secret/providers/rabbit-mq.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/rabbit-mq.ts
@ -96,7 +96,7 @@ export const RabbitMqProvider = (): TDynamicProviderFns => {
      },
      ...(providerInputs.ca && {
-        httpsAgent: new https.Agent({ ca: providerInputs.ca, rejectUnauthorized: false })
+        httpsAgent: new https.Agent({ ca: providerInputs.ca })
      })
    });
--- a/backend/src/ee/services/dynamic-secret/providers/redis.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/redis.ts
@ -65,7 +65,6 @@ export const RedisDatabaseProvider = (): TDynamicProviderFns => {
        password: providerInputs.password,
        ...(providerInputs.ca && {
          tls: {
            rejectUnauthorized: false,
            ca: providerInputs.ca
          }
        })
--- a/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
@ -33,7 +33,7 @@ export const SqlDatabaseProvider = (): TDynamicProviderFns => {
  };
  const $getClient = async (providerInputs: z.infer<typeof DynamicSecretSqlDBSchema>) => {
-    const ssl = providerInputs.ca ? { rejectUnauthorized: false, ca: providerInputs.ca } : undefined;
+    const ssl = providerInputs.ca ? { ca: providerInputs.ca } : undefined;
    const isMsSQLClient = providerInputs.client === SqlProviders.MsSQL;
    const db = knex({