Closed b1ek closed 1 month ago
Hello,
You have the option --tls-verify-certificate to force the verification of the TLS certificate if you need it.
Regarding the feature, I don't plan to implement it as wstunnel is not a security tool, it is just to punch holes and let your traffic flow. If you want to ensure security, you must forward traffic that does that for you.
As I've just noticed, wstunnel does not have any certificate validation whatsoever, so one might just as well use plain HTTP if someone could easily do a good ol' MITM attack with a self-signed cert.
What I'm thinking is: if wstunnel is designed to work with self-signed certs, why not make an option to accept only one specific certificate? One could make a self-signed certificate with a hostname like github.com for wstunnel, use it for wstunnel and configure it so it would accept only their certificate. Also, it would be a good idea to make it clear in the README that wstunnel will not validate certificates by default.