Skip to content

Make verify_peer configurable and default it to false#294

Merged
ronwsmith merged 2 commits intooesmith:masterfrom
bidwrangler:master
Aug 27, 2020
Merged

Make verify_peer configurable and default it to false#294
ronwsmith merged 2 commits intooesmith:masterfrom
bidwrangler:master

Conversation

@aharbick
Copy link
Contributor

@aharbick aharbick commented Jun 15, 2020

Resolves #293

Also note that this doesn't make these warnings

[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details

go away unless this is merged: igrigorik/em-http-request#341

OR verify_peer: true is used.

@aharbick aharbick mentioned this pull request Jun 15, 2020
Closed
@ronwsmith
Copy link
Collaborator

ronwsmith commented Jun 15, 2020

Thanks for the contribution! Can you add this new option to the README too?

@aharbick
Copy link
Contributor Author

aharbick commented Jun 15, 2020

How about 356cbc1 @ronwsmith ?

@ronwsmith
Copy link
Collaborator

ronwsmith commented Jun 15, 2020

Looks good, will try to get this in soon!

@CarwynNelson
Copy link

CarwynNelson commented Aug 24, 2020

@ronwsmith Would you be able to merge this? It would really help to reduce the noise in our logs

@ronwsmith ronwsmith merged commit 4cd4d85 into oesmith:master Aug 27, 2020
@ronwsmith
Copy link
Collaborator

ronwsmith commented Aug 27, 2020

@CarwynNelson thanks for the nudge, just released in 2.4.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

specify verify_peer option to EM::HttpRequest

3 participants

@aharbick @ronwsmith @CarwynNelson