New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use self signed certificates #109
Comments
This is not possible yet, but shouldn't be too hard to add |
After thinking about this a little more, I want to be very narrow about how this is enabled so someone doesn't enable it for all hostnames then accidentally fall victim to a MITM attack. Currently I'm thinking of adding a field to the root Collection type called allow_invalid_cert_hostnames: ["127.0.0.1", "dev.test.website"] This would leave cert checking on for all other hostnames, and only disable it for the ones explicitly listed. This would be an exact match based on the hostname in the URL, so no regex/wildcard support. @snaggen Would this satisfy your need? |
Sure, but make sure to enhance the error message with all the information needed to add the configuration. |
This allows you to ignore TLS cert errors on certain domains. Closes #109
This allows you to ignore TLS cert errors on certain domains. Closes #109
Use of self signed or invalid certificates are common in dev environmnts. But I cannot find anything in the docs about how to tell slumber to ignore certificate errors, and when I tried to contact a server with a root cert not in the trusted chain I get:
It would be nice if this could be documented if it is possible already, or implemented if not currently possible.
The text was updated successfully, but these errors were encountered: