[Bug 1219688] AUDIT-0: agama: agama web server
https://bugzilla.suse.com/show_bug.cgi?id=1219688
https://bugzilla.suse.com/show_bug.cgi?id=1219688#c7

--- Comment #7 from Paolo Perego <paolo.perego@suse.com> ---
(In reply to Imobach Gonzalez Sosa from comment #6)
(In reply to Paolo Perego from comment #5)
[snip]
Another point of attention is for digital certificate. Please make sure to let the client validate the certificate when doing HTTPS calls. However I didn't understand the scenario... both client and server will run on the same host, correct?

Which is the right way to validate the certificate? Allowing the user to check the fingerprint?

Ok well... interacting with the browser, using a valid certificate, not self-signed. Interacting with a command line client, having the client validating all the root of trust of the certificate.

eg:

# requests validates the server certificate chain by default (verify=True)
import requests
requests.post(url='https://foo.example', data={'bar':'baz'})

Following Cockpit's approach, when connecting to localhost, we do not see the need to use HTTPS. But when installing remotely, it is mandatory. Does it make sense?

It would require a lot of extra effort dividing the two cases... however it makes sense to have http on a localhost only communication.
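An added example, not part of the original comment and not Agama's code: one way a command line client could enforce the split discussed above, allowing plain HTTP only for loopback targets and requiring a fully validated certificate chain for everything else. The function names are hypothetical, and treating the name "localhost" as loopback assumes the local resolver maps it there.

```python
import ipaddress
import ssl
from urllib.parse import urlsplit


def is_loopback(host: str) -> bool:
    """True only for the name 'localhost' or a loopback IP literal."""
    # Assumption: 'localhost' resolves to a loopback address on this host.
    if host.lower().rstrip(".") == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Any other DNS name (e.g. 127.0.0.1.evil.example) counts as remote.
        return False


def transport_policy(url: str) -> str:
    """Return 'tls-verified' or 'plain-http-ok'; raise ValueError otherwise."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme == "https":
        return "tls-verified"
    if parts.scheme == "http" and is_loopback(host):
        return "plain-http-ok"
    raise ValueError(
        f"refusing {parts.scheme or 'schemeless'} connection to {host!r}: "
        "remote access requires HTTPS"
    )


def tls_context(ca_file=None) -> ssl.SSLContext:
    """TLS context that validates the chain and the host name.

    ca_file is an optional PEM bundle for a private CA; with None the
    system trust store is used.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # These are already the defaults; set explicitly so a later edit that
    # weakens them is visible in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("http://localhost:8080/api", "https://installer.example/api"):
        print(u, "->", transport_policy(u))
```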