Add a new preference to accept uncertified SSL RSS

Request new functionality here
User avatar
zoider
Bear Rating Trainee
Bear Rating Trainee
Posts: 28
Joined: 16 Sep 2015, 05:00

Add a new preference to accept uncertified SSL RSS

Postby zoider » 25 Jan 2017, 11:21

Hi,

I'm reading some RSS coming from uncertified SSL host (some other tiny-rss instance on a raspberry pi with no possibility to "let's encrypt" the domain).

Unfortunately tt-rss doesn't allow uncertified SSL.

So to fix this I had to copy paste manually these two lines :

[code]curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);[/code]

In include/functions.php around line 390.

Each time functions.php is updated, the git pull origin doesn't work, so I had to do :

[code]git checkout origin include/functions.php
git pull origin master
nano include/functions.php[/code]

And had these two lines again.


I was wondering if it was possible to add these two lines permanently.
I was thinking of having a new preference, a new checkbox to let user choose if he wants or not to activate uncertified SSL.

Thanks,

Zoider

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Add a new preference to accept uncertified SSL RSS

Postby fox » 25 Jan 2017, 11:28

no, i'm definitely not opening up tt-rss to any dimwit MITMer out there because some dipshit couldn't figure out letsencrypt in the year of our lord 2017

consider making a plugin instead

User avatar
zoider
Bear Rating Trainee
Bear Rating Trainee
Posts: 28
Joined: 16 Sep 2015, 05:00

Re: Add a new preference to accept uncertified SSL RSS

Postby zoider » 25 Jan 2017, 11:31

Ok :)

JustAMacUser
Bear Rating Overlord
Bear Rating Overlord
Posts: 373
Joined: 20 Aug 2013, 23:13

Re: Add a new preference to accept uncertified SSL RSS

Postby JustAMacUser » 25 Jan 2017, 15:23

The correct solution to your issue, zoider, is to use a self-signed certificate and add the public certificate to the subscribing machine's trusted certificates store.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Add a new preference to accept uncertified SSL RSS

Postby fox » 25 Jan 2017, 15:44

yeah make your own CA and issue certificates, takes like 10 minutes

undefined
Bear Rating Trainee
Bear Rating Trainee
Posts: 4
Joined: 24 Oct 2013, 17:06

Re: Add a new preference to accept uncertified SSL RSS

Postby undefined » 25 Jan 2017, 17:29

or use git properly / "to its fullest"

(not that i'm against running a CA, as i do for OpenVPN and HTTP client auth, but rebasing seems to be the easier approach for maintaining this user's local customization.)

[code]
nano include/functions.php
git add include/functions.php
git commit
[/code]

and then when you are ready to "upgrade"...

[code]
git fetch origin
git rebase origin/master
[/code]

of course that assumes that there's no conflicts between your commit and new upstream commits (that git can't resolve with a 3-way merge).

if there are conflicts, then with your simplistic change, you should be able to easily...

[code]
nano include/functions.php
git add include/functions.php
git rebase --continue
[/code]

beware that just as your change "tainted" your tt-rss install and made it unsupported by fox, this doesn't change that but hopefully removes the friction of maintaining your change.

remember if all else fails, then to get back to fox's version...

[code]
git rebase --abort
git reset --hard origin/master
[/code]

User avatar
zoider
Bear Rating Trainee
Bear Rating Trainee
Posts: 28
Joined: 16 Sep 2015, 05:00

Re: Add a new preference to accept uncertified SSL RSS

Postby zoider » 26 Jan 2017, 09:55

Thanks for all these answer, I will try them with the owner of the raspberry. :)


Return to “Feature requests”

Who is online

Users browsing this forum: No registered users and 4 guests