Comments (6)
I looked into it and dump some links for future me (or someone else) to look into it at a later time.
Something useful might be a way to ignore certificate errors (via ClientBuilder::danger_accept_invalid_certs).
Currently rustls is used instead of reqwests default OpenSSL. Maybe enabling rustls-native-certs might help in this regards. reqwest has the feature flag rustls-tls-native-roots
for this.
The crate lists some pros and cons if it should be used or not. Any thoughts on them?
from website-stalker.
This is just my opinion but from what I can tell this is the major con of rustls-native-certs
:
- The OS update system may, in fact, be quite poor at keeping the root certificates up-to-date
This is not really an issue for me as I use a rolling-release distro but it's definitely an issue for those using "stable" distros.
Is it possible to install both rustls-native-certs
and webpki-roots
at the same time? The idea is to choose between the two depending on which OS it is installed. If that's not possible I would lean on ignoring certificate errors. I don't expect most people to use this application against non-ICANN domains. I can settle for this as a temporary workaround.
from website-stalker.
yeah, I think optional accept_invalid_certs with the built in certificates are a good way to work around it here.
Its probably a good idea to configure this per entry and not globally for all entries? More explicit ignore this. Also it takes more effort to do so → its easier to not just ignore everything.
When thinking about it, as the certificates are bundled the binary has to be fairly up to date in order to ensure up to date certificates. So its either the OS or the binary itself in this case.
from website-stalker.
Its probably a good idea to configure this per entry and not globally for all entries?
Better if both options are available.
When thinking about it, as the certificates are bundled the binary has to be fairly up to date in order to ensure up to date certificates.
That's a problem if you, the developer, becomes inactive for a long time. Sites could become inaccessible just by using an outdated set of certificates.
from website-stalker.
I think staying with rustls seems like the best choice. Building with updated dependencies will be possible even if become inactive as this is an open-source tool which can be self compiled. Also rustls isnt using external non-rust-stuff which is probably a safer thing to do in general. We just need to be aware that regular updates are a must when rustls is included in the binary and not on system level.
I added accept_invalid_certs
only as site config in order to limit the usage of it. Its easier to not use it which should be the default.
Regarding the self signed certificates using the system store might be a good solution but as long as there isnt bigger interest I think using accept_invalid_certs
is just the way with less added complexity to go.
from website-stalker.
As this feature seems to be working generally I will close this issue. If there are other feature requests or ideas feel free to comment or open a new issue.
from website-stalker.
Related Issues (20)
- consider switching to `git-repository` crate HOT 2
- Current main can't parse it's own example config HOT 1
- Replace integrated git support by usage of the existing git executable HOT 1
- Overriding filename? HOT 7
- Check robots.txt HOT 2
- Allow override of 'sites/' HOT 7
- Commit per Domain or all HOT 1
- Create issue for the changes with link for the commit HOT 2
- Latest version breaks Github Action HOT 8
- Sorting/Ordering is changed, but no change in content HOT 11
- One commit per host HOT 1
- Remove `check` sub-command HOT 2
- command editor
- Commit message based on changed site
- Allow grouping of links HOT 2
- Use environment variable for `from` HOT 2
- Default extension HOT 1
- html_prettify: sort class and style attributes HOT 1
- Select parts of a json
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from website-stalker.