[chef] Re: Re: Re: Secure knife winrm

[Daniel DeLeo < >]

On Thursday, October 30, 2014 at 12:28 PM, Tensibai wrote:

> I did resolve this issue by setting the SSL_CERT_FILE env variable pointing 
> to a file with our internal CA certs before running knife commands.
> As far as I can tell, this location is for ruby libs, not openssl on itself 
> and that's why it dies.
> I could worth a pull request on knife/chef code, unsure about which one...
> Le 2014-10-30 20:09, Dwayne Forehand a écrit :


ChefDK patches openssl.rb so that it will set this environment variable 
(unless you’ve set it to something else already). I’m not personally very 
familiar with the ruby winrm library, but I know it uses eventmachine which 
may have its own SSL socket code (and therefore not trigger the openssl fix 
in ChefDK). Can you confirm whether other SSL connections (e.g., using knife 
with `ssl_verify_mode :verify_peer` in your config file) work correctly? If 
so, I’d file the bug against knife-winrm to see if some workaround can be 
added to trigger ChefDK’s openssl fix.

--  
Daniel DeLeo