Open L1-0 opened 1 month ago
agreed, it would be nice if -k overrode that behavior. Unfortunately, the update feature is provided by the self_update crate, which doesn't expose the ability to ignore certs.
there are two possibilities to address this shortcoming:
The first option is definitely preferable. I'll throw an issue in their repo and see what happens.
thanks for the suggestion!
Actually, looking into their source code, it looks like it will respect some ssl env vars. Can you give those a try and see if you can update that way?
```rust
/// Set ssl cert env. vars to make sure openssl can find required files
macro_rules! set_ssl_vars {
    () => {
        #[cfg(target_os = "linux")]
        {
            if ::std::env::var_os("SSL_CERT_FILE").is_none() {
                ::std::env::set_var("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt");
            }
            if ::std::env::var_os("SSL_CERT_DIR").is_none() {
                ::std::env::set_var("SSL_CERT_DIR", "/etc/ssl/certs");
            }
        }
    };
}
```
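One way to try the environment variables from the comment above, as an added example that is not part of the thread or of self_update: the macro only sets `SSL_CERT_FILE` when it is unset, so a bundle containing the system roots plus the inspecting firewall's CA can be supplied for the update run alone, keeping certificate verification on. The firewall CA path in the usage comment is a hypothetical placeholder, and the helper names are made up for this sketch.

```shell
#!/bin/sh
# Added example: trust the inspection CA for one command via SSL_CERT_FILE.

# make_bundle SYSTEM_BUNDLE EXTRA_CA OUT
# Writes SYSTEM_BUNDLE followed by EXTRA_CA to OUT.
# Returns 1 if an input is unreadable, 2 if EXTRA_CA is not a PEM
# certificate, 3 if EXTRA_CA also contains a private key.
make_bundle() {
    sys=$1 extra=$2 out=$3
    [ -r "$sys" ]   || { echo "cannot read $sys" >&2; return 1; }
    [ -r "$extra" ] || { echo "cannot read $extra" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$extra" \
        || { echo "$extra is not a PEM certificate" >&2; return 2; }
    if grep -q -- 'PRIVATE KEY-----' "$extra"; then
        echo "$extra contains a private key, refusing" >&2
        return 3
    fi
    cat "$sys" "$extra" > "$out"
}

# count_certs FILE: print how many PEM certificates FILE holds.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# run_with_bundle BUNDLE CMD [ARGS...]
# Runs CMD with SSL_CERT_FILE set for that process only, so the
# extra trust anchor does not leak into the rest of the session.
run_with_bundle() {
    bundle=$1
    shift
    env SSL_CERT_FILE="$bundle" "$@"
}

# Usage (paths other than the system bundle are placeholders):
#   make_bundle /etc/ssl/certs/ca-certificates.crt \
#       /path/to/firewall-root-ca.pem "$HOME/ca-with-firewall.pem"
#   run_with_bundle "$HOME/ca-with-firewall.pem" feroxbuster --update
```

The firewall's root CA should come from whoever administers the inspection device, not from the certificate chain presented on the wire.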
Describe the bug
When I want to update ferox in a network with a firewall with packet inspection, this is not possible, nor overridable with the -k flag.
To Reproduce
Steps to reproduce the behavior:
1. Have an outdated version of feroxbuster
2. Have a network where the ssl cert is self signed
Expected behavior
The update should go through after informing the user of potential risks.
Traceback / Error Output
Environment (please complete the following information):
Additional context
The user should be able to override this error.