erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Add an option to accept only a specific certificate? #246

Closed b1ek closed 1 month ago

b1ek commented 1 month ago

As I've just noticed, wstunnel does not have any certificate validation whatsoever, so one might just as well use plain HTTP if someone could easily do a good ol' MITM attack with a self-signed cert.

What I'm thinking is: if wstunnel is designed to work with self-signed certs, why not make an option to accept only one specific certificate? One could make a self-signed certificate with a hostname like github.com for wstunnel, use it for wstunnel and configure it so it would accept only their certificate.

Also, it would be a good idea to make it clear in the readme that wstunnel will not validate certificates by default.

erebe commented 1 month ago

Hello,

You have the option --tls-verify-certificate to force the verification of the TLS certificate if you need.

Regarding the feature, I don't plan to implement it as wstunnel is not a security tool, it is just to punch holes and let your traffic flow. If you want to ensure security, you must forward traffic that does that for you.
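What the requested "accept only a specific certificate" option amounts to is certificate pinning: skip CA and hostname validation (the server is self-signed anyway), but refuse the connection unless the SHA-256 fingerprint of the peer's DER certificate equals a value configured in advance. The following is an added illustration using only Python's standard library; it is not wstunnel code and not the maintainer's suggestion. The function names, the `SAMPLE_DER` bytes and the `SAMPLE_PIN` value are constructed for the example.

```python
"""Certificate pinning check for a TLS client that talks to a self-signed server.

Added example, not wstunnel code. A pinned SHA-256 fingerprint of the
server's DER certificate is the only trust anchor, so a man-in-the-middle
presenting a different self-signed certificate is rejected even though
CA and hostname validation are switched off.
"""
import hashlib
import hmac
import socket
import ssl


def fingerprint_sha256(der_cert: bytes) -> str:
    """Lowercase hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare the peer's fingerprint with the pin in constant time.

    Colons and upper case, as printed by `openssl x509 -fingerprint -sha256`,
    are accepted in the pin.
    """
    expected = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint_sha256(der_cert), expected)


def connect_pinned(host: str, port: int, pinned_hex: str,
                   timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the leaf certificate matches the pin.

    verify_mode is CERT_NONE on purpose: the server certificate is self-signed
    and would never chain to a CA. The fingerprint check below replaces that
    validation rather than merely supplementing it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    # binary_form=True returns the DER bytes even when the cert was not validated.
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned_hex):
        tls.close()
        raise ssl.SSLCertVerificationError(
            f"peer certificate of {host}:{port} does not match the pinned fingerprint")
    return tls


# Constructed stand-in for a DER certificate (not a real certificate) so the
# pin check can be exercised offline; the pin is simply its SHA-256.
SAMPLE_DER = b"\x30\x82\x01\x0a-constructed-der-placeholder-for-the-example"
SAMPLE_PIN = fingerprint_sha256(SAMPLE_DER)


if __name__ == "__main__":
    print("pin for the constructed sample:", SAMPLE_PIN)
    print("matches:", pin_matches(SAMPLE_DER, SAMPLE_PIN))
    print("tampered:", pin_matches(SAMPLE_DER + b"\x00", SAMPLE_PIN))
```

For a real deployment the pin is taken from the server's own certificate file (for example `openssl x509 -in server.crt -noout -fingerprint -sha256`) and rotated together with that certificate; `connect_pinned` then raises before any application data is sent if the fingerprint differs.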