LOC-26: Allow enabling of SSL cert verification

Issue Information

Issue Type: Sub-task
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: LocalChat (LOC)
Resolution: Done (2018-05-26 10:12:55)
Target version: V0.0.2,
Components: Client ,

Created: 2018-05-26 10:07:36
Time Spent Working
Child of: LOC-22: Command line options


Description
By default we do not verify SSL certificates because the server runs in ad-hoc mode.

However, if the server is being proxied to by an existing site with a valid certificate, we'll probably want to verify the returned cert.

Need to add support for a --verify command line option


Issue Links

relates to LOC-27: Auth headers support
Toggle State Changes

Activity


2018-05-26 10:12:56
btasker changed status from 'Open' to 'Resolved'

2018-05-26 10:12:56
btasker added 'Done' to resolution

2018-05-26 10:14:37
Repo: LocalChat
Host:Rimmer

commit 71cbae0ad67cd7a5f1b3948972949e3054e5f7bf
Author: B Tasker <github@<Domain Hidden>>
Date: Sat May 26 10:11:41 2018 +0100

Commit Message: LOC-26 add support for --verify

This re-enables SSL certificate verification, so that if we're communicating via a trusted reverse proxy with a publicly signed SSL cert we can check we're communicating with the system we think we are.

client/LocalChatClient.py | 30 ++++++++++++++++--------------
1 files changed, 16 insertions(+), 14 deletions(-)


View Commit | View Changes

2018-05-26 10:16:16
Assuming you've got a website setup at example.com using a valid publicly signed SSL certificate, with a nginx config something like the following 
location /foobarnotverywellhidden {
    proxy_pass https://localhost:8090/;
}


You can now tell the client both to use example.com as the server, but also to verify example.com's certificate when connecting

./client/LocalChat.py --verify https://example.com/foobarnotverywellhidden/

2018-05-26 10:16:16
btasker changed status from 'Resolved' to 'Closed'