Disabling SSL verification

[GauntletPL]

Please provide details about:

• What you're trying to do To disable certificate verification for include directives that point to resources hosted on a server using self-signed certificate.

• Why you can't use this extension for this The extension uses unxhr to request for the resource. To disable the verification the rejectUnauthorized option has to be passed to the https.request however the options object used for that purpose is initialised mid-function with no way of affecting it externally. Hence, I struggle to deal with the problem using asciidoctor extensions mechanism, similarly as I did in case of the intelliJ plugin where following code registered as preprocessor extension took care of the issue:

class SSLVerifyNonePreprocessor < Extensions::Preprocessor
    def process(document, reader)
        ssl = OpenSSL::SSL
        ssl.send(:remove_const, :VERIFY_PEER) if ssl.const_defined?(:VERIFY_PEER)
        ssl.const_set(:VERIFY_PEER, ssl::VERIFY_NONE)
        return reader
    end
end

• How you think this extension could handle this Please, introduce a flag allowing the user to decide whether the SSL verification should be disabled or not. Any guidance as to how to workaround this with an extension would also be welcome.

[ggrossetie]

unxhr is a Node implementation of https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest. As far as I know, it's not possible to ignore self-signed certificate in XMLHttpRequest.

Did you try to set process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'?

[GauntletPL]

That did the trick. Thank you so much for making me aware of this NODE_TLS_REJECT_UNAUTHORIZED env variable.