Comments (6)

EdJoPaTo commented on June 22, 2024

I looked into it and dump some links for future me (or someone else) to look into it at a later time.

Something useful might be a way to ignore certificate errors (via ClientBuilder::danger_accept_invalid_certs).

Currently rustls is used instead of reqwest's default OpenSSL. Maybe enabling rustls-native-certs might help in this regard. reqwest has the feature flag rustls-tls-native-roots for this.
The crate lists some pros and cons if it should be used or not. Any thoughts on them?

from website-stalker.

rEnr3n commented on June 22, 2024

This is just my opinion but from what I can tell this is the major con of rustls-native-certs:

  • The OS update system may, in fact, be quite poor at keeping the root certificates up-to-date

This is not really an issue for me as I use a rolling-release distro but it's definitely an issue for those using "stable" distros.

Is it possible to install both rustls-native-certs and webpki-roots at the same time? The idea is to choose between the two depending on which OS it is installed on. If that's not possible I would lean on ignoring certificate errors. I don't expect most people to use this application against non-ICANN domains. I can settle for this as a temporary workaround.


EdJoPaTo commented on June 22, 2024

Yeah, I think optional accept_invalid_certs with the built-in certificates is a good way to work around it here.
It's probably a good idea to configure this per entry and not globally for all entries? More explicit ignore this. Also it takes more effort to do so → it's easier to not just ignore everything.

When thinking about it, as the certificates are bundled, the binary has to be fairly up to date in order to ensure up-to-date certificates. So it's either the OS or the binary itself in this case.


rEnr3n commented on June 22, 2024

> It's probably a good idea to configure this per entry and not globally for all entries?

Better if both options are available.

> When thinking about it, as the certificates are bundled, the binary has to be fairly up to date in order to ensure up-to-date certificates.

That's a problem if you, the developer, become inactive for a long time. Sites could become inaccessible just by using an outdated set of certificates.


EdJoPaTo commented on June 22, 2024

I think staying with rustls seems like the best choice. Building with updated dependencies will be possible even if I become inactive, as this is an open-source tool which can be self-compiled. Also rustls isn't using external non-rust-stuff, which is probably a safer thing to do in general. We just need to be aware that regular updates are a must when rustls is included in the binary and not on system level.

I added accept_invalid_certs only as site config in order to limit the usage of it. It's easier to not use it, which should be the default.

Regarding the self-signed certificates, using the system store might be a good solution, but as long as there isn't bigger interest I think using accept_invalid_certs is just the way with less added complexity to go.

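The per-entry opt-out described in the comment above, as an added example that is not code from website-stalker. The `Site` struct, the `TlsPolicy` enum, the function names and the sample URLs are constructed for illustration; only the option name `accept_invalid_certs` comes from the thread. It shows that a missing key resolves to verification and that the opt-out follows the entry, not the host.

```rust
use std::collections::BTreeMap;

/// Hypothetical per-site entry; only the option name is taken from the thread.
struct Site {
    url: &'static str,
    accept_invalid_certs: Option<bool>, // None = key absent from the entry
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum TlsPolicy {
    Verify,        // validate against the bundled roots (the default)
    AcceptInvalid, // explicit opt-out written on this one entry
}

/// An absent key or `false` both mean Verify; only an explicit `true` opts out.
fn resolve(site: &Site) -> TlsPolicy {
    match site.accept_invalid_certs {
        Some(true) => TlsPolicy::AcceptInvalid,
        _ => TlsPolicy::Verify,
    }
}

/// Group URLs by policy so one HTTP client per policy can be built and the
/// non-verifying client only ever receives the opted-in entries.
fn plan(sites: &[Site]) -> BTreeMap<TlsPolicy, Vec<&'static str>> {
    let mut groups: BTreeMap<TlsPolicy, Vec<&'static str>> = BTreeMap::new();
    for site in sites {
        groups.entry(resolve(site)).or_default().push(site.url);
    }
    groups
}

/// Constructed sample entries: two share a host but only one opts out.
fn sample() -> Vec<Site> {
    vec![
        Site { url: "https://example.com/news", accept_invalid_certs: None },
        Site { url: "https://router.internal.example/status", accept_invalid_certs: Some(true) },
        Site { url: "https://example.org/", accept_invalid_certs: Some(false) },
        Site { url: "https://router.internal.example/login", accept_invalid_certs: None },
    ]
}

fn main() {
    for (policy, urls) in plan(&sample()) {
        println!("{policy:?}: {urls:?}");
    }
}
```
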

EdJoPaTo commented on June 22, 2024

As this feature seems to be working generally I will close this issue. If there are other feature requests or ideas feel free to comment or open a new issue.

