Add ssl_verify config option to fix certificate errors
Raw OpenSSL sockets don't find the system CA bundle the same way Net::HTTP does. ssl_verify (default: true) is now a config setting that applies to both HTTP REST calls and WebSocket connections. Set via `portainer-cli configure`. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -10,9 +10,10 @@ module PortainerCli
|
||||
class WebsocketExec
|
||||
READ_SIZE = 4096
|
||||
|
||||
def initialize(url, auth_header)
|
||||
def initialize(url, auth_header, ssl_verify: true)
|
||||
@url = URI.parse(url)
|
||||
@auth_header = auth_header
|
||||
@ssl_verify = ssl_verify
|
||||
end
|
||||
|
||||
def run
|
||||
@@ -33,7 +34,7 @@ module PortainerCli
|
||||
|
||||
if @url.scheme == 'wss'
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
||||
ctx.verify_mode = @ssl_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
||||
ssl = OpenSSL::SSL::SSLSocket.new(raw, ctx)
|
||||
ssl.hostname = @url.host
|
||||
ssl.sync_close = true
|
||||
|
||||
Reference in New Issue
Block a user