-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rover fails to introspect local HTTPS server with self-signed certificate #720
Comments
Seems reasonable. Prior art here likely being Python's Perhaps we would name this Alternatively, I could imagine we perhaps want more granularity for this and we want this to be part of either the user profile or a sub-graph specific configuration? (e.g., each subgraph may have different desires to have its validation ignored!) Quite related, I could also see us needing a ~ |
We are in the same situation. A |
Is it possible to add these self-signed certs to OpenSSL's trusted certs in |
Possibly! I guess on macOS this might require users to add it to their System Keychain. That might be fine, but also might be difficult if the certificate they merely want to support is, for example, checked into a repository. (I'm not sure if this is common, nor am I sure it's particuarly insecure for particular users' cases.) (Or if they want it to be a transient / non-permanent thing) |
@EverlastingBugstopper Adding the cert is non-trivial and something we want to avoid if possible. Our current development environment does require us to use |
I've opened a pull request that adds this capability in case anybody wants to take a look. |
cc @joeynenni and @ZachGoldberg - Rover v0.3.0 is out today which includes flags for disabling hostname validation and/or certificate validation |
This is great, thank you @EverlastingBugstopper! |
Description
We test locally using HTTPS with a self signed certificate and I'm basically looking for a ALLOW_INSECURE flag for rover.
Steps to reproduce
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
rover subgraph introspect 'https://localhost:4000/graphql
Expected result
Rover produces a schema as usual
Actual result
The text was updated successfully, but these errors were encountered: