Details
-
Improvement
-
Resolution: Fixed
-
Major
-
3.0
-
Security Level: Public
-
None
-
CBG Sprint 68, CBG Sprint 69, CBG Sprint 70
-
3
Description
Sync Gateway supports loading JavaScript content from external HTTP/HTTPs endpoints. In case of an HTTPS endpoint, the underlying SSL connection attempted to be made secure by using the CA certificate bundle installed on the SG node by default. This means that you may encounter an SSL verification error when you try to load JavaScript from external HTTPS endpoints with the SSL certificates that are misconfigured, expired, or self-signed. We should have a mechanism to force SG to ignore the certificate errors by specifying the remote_config_tls_skip_verify option in the database configuration. SG should ignore the SSL checks when initiating the connection by using the remote_config_tls_skip_verify option and you should be able to bypass any SSL error that any external JavaScript endpoint might have.