search

mattermost / desktop

Mattermost Desktop application for Windows, Mac and Linux
Apache License 2.0
1.99k stars 811 forks source link

Information about certificate.json and trustedOrigins.json #1799

Closed marcotuna closed 1 year ago

marcotuna commented 2 years ago

For troubleshooting, see https://www.mattermost.org/troubleshoot/.

Currently I am using Cloudflare for Teams (Warp) which intercepts all traffic. It requires installing a self signed certificate on the computer. I am using Linux and if I download the Mattermost Desktop client from the website, it loads the certificates from the operating system and everything works fine. However when attempting to run Mattermost Desktop installed from the snap package manager, Mattermost complaints about "Certificate is not trusted", for every new link that is posted on the chat.

I found out in the source code about certificate.json and trustedOrigins.json https://github.com/mattermost/desktop/blob/0476d3efb83354644f3351dcafa4e478e2b48dcd/src/main/main.ts#L205

I also found out that every time I "Trust Insecure Certificate" a new entry is added to certificate.json Example:

{
  "https://mattermostdomain.sample.com": {
    "data": "-----BEGIN CERTIFICATE-----\nMIICKjCCAbGgAwIBAgIFANwYNxowCgYIKoZIzj0EAwIwgY4xCzAJBgNVBAYTAlVT\nMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRkw\nFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMTcwNQYDVQQLEy5HYXRld2F5IEludGVy\nbWVkaWF0ZSBFQ0MgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIxMTAwMTA2Mzgw\nMFoXDTIxMTExOTE3MDIwNlowGTEXMBUGA1UEAwwOaW0uZ2xhcnRlay5jb20wdjAQ\nBgcqhkjOPQIBBgUrgQQAIgNiAAT8aPjp3llFKZvZlUKFXN/aKBjawIm2o2ubOG7t\nOUtxlbfOt4Iig1FgMWnhmyeocRrFQG9yHgTz74M8k5u2icwH6CMrlSjKveg6yFTS\nyki1jY7+ZKt47dFHGIWEUJ6Bol6jUzBRMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkG\nA1UdEQQSMBCCDmltLmdsYXJ0ZWsuY29tMB8GA1UdIwQYMBaAFI3OHemd6JEnwQws\nce+EYQlGBEIUMAoGCCqGSM49BAMCA2cAMGQCMBCaK4Zg90/k/2JruhSuTQmMHEit\nPDH/qiV+8UJ7OaiqWit1tt1aoiF7v0Sh8EUcFQIwDeWlVchyL2FpOj1rHtH9ZYcy\nnurU5ZnIJlzX4F/jY6Y9EeBF10Nnx4ZiHiBhFuJ/\n-----END CERTIFICATE-----\n",
    "issuerName": "Cloudflare, Inc."
  }
}

Is there a way to create a rule that matches any domain to accept that certificate? I've attempted with a Wildcard * but didn't worked.

Thanks!

devinbinnie commented 2 years ago

@marcotuna Just to clarify, do you have a different certificate or one that expires quickly on your site? I'm not sure why we would be ignoring it if you've said it's trusted. Is there anything different about your URL?

devinbinnie commented 1 year ago

Closing as inactive.