Use self signed certificates #109
Labels
feature
New behavior to enable things that were previously not possible
Comments
LucasPickering
added
the
feature
|
This is not possible yet, but shouldn't be too hard to add |
|
After thinking about this a little more, I want to be very narrow about how this is enabled so someone doesn't enable it for all hostnames then accidentally fall victim to a MITM attack. Currently I'm thinking of adding a field to the root Collection type called allow_invalid_cert_hostnames: ["127.0.0.1", "dev.test.website"]This would leave cert checking on for all other hostnames, and only disable it for the ones explicitly listed. This would be an exact match based on the hostname in the URL, so no regex/wildcard support. @snaggen Would this satisfy your need? |
|
Sure, but make sure to enhance the error message with all the information needed to add the configuration. |
LucasPickering
added a commit
that referenced
this issue
Mar 15, 2024
This allows you to ignore TLS cert errors on certain domains. Closes #109
LucasPickering
added a commit
that referenced
this issue
Mar 15, 2024
This allows you to ignore TLS cert errors on certain domains. Closes #109
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use of self signed or invalid certificates are common in dev environmnts. But I cannot find anything in the docs about how to tell slumber to ignore certificate errors, and when I tried to contact a server with a root cert not in the trusted chain I get:
It would be nice if this could be documented if it is possible already, or implemented if not currently possible.
The text was updated successfully, but these errors were encountered: