Recently our TA was rejected for Splunk Cloud compatibility due to a configuration option that would allow our customers to disable SSL verification so that they can make the REST API calls to a server that has a self-signed TLS certificate. The TA is using Python code for the inputs, and one of the configuration options when setting up the input was to Enable or Disable SSL Verification. Customers using servers with self-signed certificates could opt to disable verification. This would set the verify parameter to the helper.send_http_request to False. This option passed Cloud compatibility until recently when we were notified that external network calls must be made securely and so our TA no longer qualified for Cloud compatibility with the option to set verify=False. Has anyone else ran into this issue and is there a solution other than forcing customers to purchase TLS certificates from a trusted CA? I did see there is an option to the helper.send_http_request call to specify the CA bundle, but we do not have any control over what CA is used to generate the self-signed certificate so there is no way to include a bundle in the TA. Any suggestions are welcome.
... View more