Page 1 of 1

Add a new preference to accept uncertified SSL RSS

Posted: 25 Jan 2017, 11:21
by zoider
Hi,

I'm reading some RSS coming from uncertified SSL host (some other tiny-rss instance on a raspberry pi with no possibility to "let's encrypt" the domain).

Unfortunately tt-rss doesn't allow uncertified SSL.

So to fix this I had to copy paste manually these two lines :

Code: Select all

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);


In include/functions.php around line 390.

Each time functions.php is updated, the git pull origin doesn't work, so I had to do :

Code: Select all

git checkout origin include/functions.php
git pull origin master
nano include/functions.php


And had these two lines again.


I was wondering if it was possible to add these two lines permanently.
I was thinking of having a new preference, a new checkbox to let user choose if he wants or not to activate uncertified SSL.

Thanks,

Zoider

Re: Add a new preference to accept uncertified SSL RSS

Posted: 25 Jan 2017, 11:28
by fox
no, i'm definitely not opening up tt-rss to any dimwit MITMer out there because some dipshit couldn't figure out letsencrypt in the year of our lord 2017

consider making a plugin instead

Re: Add a new preference to accept uncertified SSL RSS

Posted: 25 Jan 2017, 11:31
by zoider
Ok :)

Re: Add a new preference to accept uncertified SSL RSS

Posted: 25 Jan 2017, 15:23
by JustAMacUser
The correct solution to your issue, zoider, is to use a self-signed certificate and add the public certificate to the subscribing machine's trusted certificates store.

Re: Add a new preference to accept uncertified SSL RSS

Posted: 25 Jan 2017, 15:44
by fox
yeah make your own CA and issue certificates, takes like 10 minutes

Re: Add a new preference to accept uncertified SSL RSS

Posted: 25 Jan 2017, 17:29
by undefined
or use git properly / "to its fullest"

(not that i'm against running a CA, as i do for OpenVPN and HTTP client auth, but rebasing seems to be the easier approach for maintaining this user's local customization.)

Code: Select all

nano include/functions.php
git add include/functions.php
git commit


and then when you are ready to "upgrade"...

Code: Select all

git fetch origin
git rebase origin/master


of course that assumes that there's no conflicts between your commit and new upstream commits (that git can't resolve with a 3-way merge).

if there are conflicts, then with your simplistic change, you should be able to easily...

Code: Select all

nano include/functions.php
git add include/functions.php
git rebase --continue


beware that just as your change "tainted" your tt-rss install and made it unsupported by fox, this doesn't change that but hopefully removes the friction of maintaining your change.

remember if all else fails, then to get back to fox's version...

Code: Select all

git rebase --abort
git reset --hard origin/master

Re: Add a new preference to accept uncertified SSL RSS

Posted: 26 Jan 2017, 09:55
by zoider
Thanks for all these answer, I will try them with the owner of the raspberry. :)