Don't validate certificates when checking well-known URI

matrix-org / matrix-federation-tester

Tester for matrix federation written in golang.

79 stars 17 forks source link

Don't validate certificates when checking well-known URI #24

Closed anoadragon453 closed 5 years ago

anoadragon453 commented 5 years ago

A lot of people were reporting well-known support being set to false instead of true even though they had well-known set up correctly.

Apparently this stems from not being able to verify the TLS certificate in use on the /.well-known/matrix/server URI.

The quick fix for this is just to disable TLS certificate checking for this call, as it is not important to federation checking anyways, we just want to verify the JSON content.

richvdh commented 5 years ago

A lot of people were reporting well-known support being set to false instead of true even though they had well-known set up correctly.

Apparently this stems from not being able to verify the TLS certificate in use on the /.well-known/matrix/server URI.

If the certificates aren't valid, well-known is not set up correctly.

anoadragon453 commented 5 years ago

Sorry, forgot to update this PR after our discussion. It should indeed fail, but say why it failed.

A separate PR will be made for having tests print why things failed, and this'll utilize that.

anoadragon453 commented 5 years ago

Oop, apologies. Should not have requested a review on this one. Trigger finger.

anoadragon453 commented 5 years ago

This was due to someone's bad cert, rather than a problem with the fed-tester.