Ability to ignore invalid certificate

Question

Ability to ignore invalid certificate

Closed this issue 8 years ago · 4 comments

I'm trying to connect to an instance with a self-signed cert using amqps://... and am receiving the following error:

Dial: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

It would be handy to have a means to skip certificate validation or just log if there's an issue.

Answer 1 · 2016-09-07T05:39:19.000Z

Thanks for the suggestion. Indeed I haven't dealt with any TLS-related options, like setting the known CAs and setting client-side certificate (+key).

I'll try to add at least the option to (insecurely) ignore TLS errors (like hostname mismatch, expired certs, unknown issuer CA).

Answer 2 · 2016-09-08T21:03:40.000Z

@robmoore Can you please try the code from git branch tls-insecure ? I added an optional -insecure-tls switch which should instruct the TLS layer to skip certificate verification. Let me know if it solves the issue you encountered.

Answer 3 · 2016-10-12T23:11:58.000Z

It works! Thanks for implementing this.

Answer 4 · 2016-11-01T09:15:25.000Z

This is now part of the v0.3 release.

Thanks @robmoore for suggesting and helping to test.