Incomplete certificate chain

[TjeuKayim]

This link checker fails if the server's certificate chain is incomplete. For example, https://incomplete-chain.badssl.com/ will throw: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1924: (unable to get local issuer certificate). Most browsers still accept this (AIA fetching).

Can mdbook-linkcheck get an option to ignore HTTPS certificates with incomplete chain? Maybe only for a whitelist of configured domains.

[Michael-F-Bryan]

I guess we could use reqwest::ClientBuilder::danger_accept_invalid_certs() to globally disable certificate validation when creating the HTTP client... But if the server on the other side has invalid certs most browsers will refuse to display the page, which is a pretty good definition for "broken link".

Can't you add the server to the exclude section under [output.linkcheck]?

[Michael-F-Bryan]

I'm going to close this issue as Wont-Fix. If your website has bad certificates then I'd argue that it is broken, and should be reported as such.