Add ssl_verify config option to fix certificate errors

Raw OpenSSL sockets don't find the system CA bundle the same way Net::HTTP
does. ssl_verify (default: true) is now a config setting that applies to
both HTTP REST calls and WebSocket connections. Set via `portainer-cli configure`.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-22 13:07:07 +01:00
parent a1015366a9
commit c59deca51e
6 changed files with 20 additions and 12 deletions
+3 -2
View File
@@ -10,9 +10,10 @@ module PortainerCli
class WebsocketExec
READ_SIZE = 4096
def initialize(url, auth_header)
def initialize(url, auth_header, ssl_verify: true)
@url = URI.parse(url)
@auth_header = auth_header
@ssl_verify = ssl_verify
end
def run
@@ -33,7 +34,7 @@ module PortainerCli
if @url.scheme == 'wss'
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.verify_mode = @ssl_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
ssl = OpenSSL::SSL::SSLSocket.new(raw, ctx)
ssl.hostname = @url.host
ssl.sync_close = true