Make verify_peer configurable and default it to false

oesmith / puffing-billy

A rewriting web proxy for testing interactions between your browser and external sites. Works with ruby + rspec.

MIT License

656 stars 170 forks source link

Make verify_peer configurable and default it to false #294

Closed aharbick closed 4 years ago

aharbick commented 4 years ago

Resolves #293

Also note that this doesn't make these warnings

[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details

go away unless this is merged: https://github.com/igrigorik/em-http-request/pull/341

OR verify_peer: true is used.

ronwsmith commented 4 years ago

Thanks for the contribution! Can you add this new option to the README too?

aharbick commented 4 years ago

How about 356cbc1 @ronwsmith ?

ronwsmith commented 4 years ago

Looks good, will try to get this in soon!

CarwynNelson commented 4 years ago

@ronwsmith Would you be able to merge this? It would really help to reduce the noise in our logs

ronwsmith commented 4 years ago

@CarwynNelson thanks for the nudge, just released in 2.4.0