Hi :wave: does osquery have some option like `sslC...
# general
m
Hi 👋 does osquery have some option like
sslCommonNameToCheck
? It would be really useful to specify common name of TLS server manually. Does the flag
insecure
disable common name checking?
t
I am not sure what insecure flag you are referencing? But there should not be a way to disable TLS server certificate verification unless you build a debug build. To pin to a specific certificate you’ll have to supply a specific certificate bundle containing only the leaf or root certificates you trust. The common name verified will be the one in the hostname flag, there’s no feature or flag to change that in osquery.
m
@theopolis yes, not the “insecure” flag. I meant the “allow_unsafe” flag.
s
That skips the file and folder permission checks, since osquery wants to have some "specific" permissions to be set on its binary, on the folder it's in, and also on the extensions it eventually runs
m
@Stefano Bonicatti thanks for explaining!