LOC-26: Allow enabling of SSL cert verification

Issue Information

Issue Type: Sub-task
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: LocalChat (LOC)
Resolution: Done (2018-05-26 10:12:55)
Target version: V0.0.2,
Components: Client ,

Created: 2018-05-26 10:07:36
Time Spent Working
Child of: LOC-22: Command line options

By default we do not verify SSL certificates because the server runs in ad-hoc mode.

However, if the server is being proxied to by an existing site with a valid certificate, we'll probably want to verify the returned cert.

Need to add support for a --verify command line option

Issue Links

Toggle State Changes


btasker changed status from 'Open' to 'Resolved'
btasker added 'Done' to resolution
Repo: LocalChat

commit 71cbae0ad67cd7a5f1b3948972949e3054e5f7bf
Author: B Tasker <github@<Domain Hidden>>
Date: Sat May 26 10:11:41 2018 +0100

Commit Message: LOC-26 add support for --verify

This re-enables SSL certificate verification, so that if we're communicating via a trusted reverse proxy with a publicly signed SSL cert we can check we're communicating with the system we think we are.

client/LocalChatClient.py | 30 ++++++++++++++++--------------
1 files changed, 16 insertions(+), 14 deletions(-)

View Commit | View Changes
Assuming you've got a website setup at example.com using a valid publicly signed SSL certificate, with a nginx config something like the following
location /foobarnotverywellhidden {
    proxy_pass https://localhost:8090/;

You can now tell the client both to use example.com as the server, but also to verify example.com's certificate when connecting

./client/LocalChat.py --verify https://example.com/foobarnotverywellhidden/
btasker changed status from 'Resolved' to 'Closed'