Skip to content

Reject TLS key-only config from merged sources#705

Merged
ryanfowler merged 1 commit into
mainfrom
reject-tls-keyonly-config
Jun 3, 2026
Merged

Reject TLS key-only config from merged sources#705
ryanfowler merged 1 commit into
mainfrom
reject-tls-keyonly-config

Conversation

@ryanfowler

Copy link
Copy Markdown
Owner

Summary

  • Reject --key without --cert once the effective request URL is TLS, so config and --from-curl values can no longer be silently ignored.
  • Apply the same guard to HTTPS requests, WSS handshakes, and TLS inspection paths.
  • Document the TLS client-auth requirement in the CLI, config, and authentication docs.

Testing

  • Added regression coverage for HTTPS config key-only failure and HTTPS --from-curl key-only failure.
  • Existing HTTP key-only compatibility tests still pass.
  • Verified with unit tests and the serial integration suite.

@ryanfowler ryanfowler enabled auto-merge June 3, 2026 00:14
@ryanfowler ryanfowler merged commit 5efbe2a into main Jun 3, 2026
4 checks passed
@ryanfowler ryanfowler deleted the reject-tls-keyonly-config branch June 3, 2026 00:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant