Closed anoadragon453 closed 9 months ago
Providing a switch to disable certificate verification is something I'd also like to have. And it would be good to have helpful log entires on failed certificate validation. Currently I'm just getting this:
message: 'No response received: [object Object]',
We could also document how to add custom CAs to the list of trusted CAs. At least on my host, NodeJS seems to ignore the system certificate store and use it's own?
If are running the matrix-user-verification-service in docker, you could mount a PEM file with additional trusted CAs into the container and point the NODE_EXTRA_CA_CERTS
environment variable to it.
Actually, that switch already exists right now: Set NODE_TLS_REJECT_UNAUTHORIZED=0
and verification is disabled.
I think the NODE_TLS_REJECT_UNAUTHORIZED is probably the right way for this.
It should be possible to configure via an environment variable,
UVS_DISABLE_CERTIFICATE_VERIFICATION
, that when set tofalse
will cause anyaxios.get
calls to no longer fail if the server's SSL certificate cannot be verified. Mostly for local testing use-cases.Such an option should come with a warning, especially if the UVS and the homeserver are on separate computers (as a Synapse admin access token is passed in the request).
The way to disable certificate verification checking with
axios
is: