You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
elastic/go-elasticsearch#358 added certificate pinning when talking to Elasticsearch. The current implementation has some limitations though:
The certificate pinning is only applied to *http.Transport instances, excluding transports that are wrapped by some other logic, for example when wrapped by the apm go agent.
Just to add another example, is not possible to use DataDog tracer with CA certificates for the same reason explained by @simitt in the first item. I know it's been more than two years, but can you guys come back to it? I can help if necessary. Thanks!
elastic/go-elasticsearch#358 added certificate pinning when talking to Elasticsearch. The current implementation has some limitations though:
*http.Transport
instances, excluding transports that are wrapped by some other logic, for example when wrapped by the apm go agent.DialTLS
function is replaced by the go-elasticsearch agent function, only checking the TLS fingerprint (https://github.com/elastic/go-elasticsearch/blob/main/estransport/estransport.go#L157-L181).InsecureSkipVerify
is set totrue
when checking the fingerprint, not considering potentially configured CA certs at this point.The text was updated successfully, but these errors were encountered: