Add option to disable server certificate verification.
The option name mirrors the 'wget' option (also `--no-check-certificate`). The cURL equivalent is called `--insecure`, which is a bit unclear. Put in the "developers" section in documentation with proper warnings. Fixes #168
This commit is contained in:
klauspost
parent
1b95718460
commit
b872ff0237
2 changed files with 37 additions and 13 deletions
|
|
@ -294,6 +294,18 @@ here which are used for testing. These start with remote name eg
|
|||
|
||||
Write cpu profile to file. This can be analysed with `go tool pprof`.
|
||||
|
||||
### --no-check-certificate=true/false ###
|
||||
|
||||
`--no-check-certificate` controls whether a client verifies the
|
||||
server's certificate chain and host name.
|
||||
If `--no-check-certificate` is true, TLS accepts any certificate
|
||||
presented by the server and any host name in that certificate.
|
||||
In this mode, TLS is susceptible to man-in-the-middle attacks.
|
||||
|
||||
This option defaults to `false`.
|
||||
|
||||
**This should be used only for testing.**
|
||||
|
||||
Filtering
|
||||
---------
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue