Allow self-signed certificates

aerth / go-quitter

Experimental GNU Social ( statusnet ) client and library

https://godoc.org/github.com/aerth/go-quitter

MIT License

15 stars 3 forks source link

Allow self-signed certificates #15

Closed anonimal closed 7 years ago

anonimal commented 8 years ago

go-quitter will fail when connecting to a personal instance of GNU Social that serves a self-signed certificate.

Error: x509: certificate signed by unknown authority

aerth commented 7 years ago

If you have root, I recommend trying something like adding a self signed certificate to your trusted store. Let me know if this works for you.

Should there be a prompt such as Certificate is self signed, continue anyways? y/N ? I had thought about this, but this opens up the doors for MITM.

Anyways thanks for reporting this.

I would merge a PR either has

a prompt (y/N)
or a config option that saves an SSL fingerprint (IMO the better way)

anonimal commented 7 years ago

I don't think adding a self-signed cert to a trusted store is the solution here but I do like the idea of a config option that saves and uses a trusted fingerprint. Once implemented, the prompt could instead direct users to the option (thus preventing an accidental MiTM).

aerth commented 7 years ago

i threw it in there, use environmental variable UNSAFE=anything

aerth commented 7 years ago

If it works, i can add it to the config. Let me know if it doesn't work as expected, thanks.