Incorrect certificate error message #2395
I would like to suggest updating a security error message.
When I simulate a Man-in-the-Middle attack against rubygems.org and replace the SSL/TLS certificate, then the Ruby application (in this case Logstash) reports the following error:
My issue with this error is the "You must add to your local trusted store" part. I believe it should be left to the user to resolve the problem. Could be that the user forgot to add the root certificate to the truststore, could be that the server is not sending proper intermediate certificates, or it could be a MITM... In that case the user should not continue.
For comparison, here's how wget handles the same situation:
This issue is related to:
Here are my current environment details:
The code responsible for this error can be found here: https://github.com/rubygems/rubygems/blob/master/lib/rubygems/request.rb#L120-L122
I will abide by the code of conduct.
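The wording requested in this issue, sketched as an added example (not code from the issue or from RubyGems): a verification report that names the OpenSSL failure and its possible causes without telling the user to trust the presented certificate. The helper names, the `HINTS` table and the host `registry.example.test` are hypothetical, and the certificates are constructed in-process so the example runs offline.

```ruby
require "openssl"

# Constructed test material: builds a certificate, self-signed unless an
# issuer [cert, key] pair is given. All names are hypothetical.
def make_cert(cn, issuer = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer[0].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer ? issuer[1] : key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Neutral hints per OpenSSL verify code: say what could be wrong, never
# instruct the user to add the presented certificate to a trust store.
HINTS = {
  OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT =>
    "the server presented a self-signed certificate",
  OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY =>
    "the issuer is not in the local trust store, or the server omitted an intermediate",
}.freeze

# Verifies cert against store and returns a hash describing the outcome.
def verify_report(cert, store, host)
  return { ok: true, message: "certificate for #{host} verified" } if store.verify(cert)
  hint = HINTS.fetch(store.error, "see the OpenSSL verify code")
  { ok: false, code: store.error,
    message: "Unable to verify the certificate for #{host} " \
             "(#{store.error_string}): #{hint}. This can also indicate " \
             "interception of the connection; do not proceed until the cause is known." }
end

if __FILE__ == $PROGRAM_NAME
  cert, = make_cert("registry.example.test")
  puts verify_report(cert, OpenSSL::X509::Store.new, "registry.example.test")[:message]
end
```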