[PERF FW] Insecure cert libcurl#3434
Conversation
vhvb1989
added
the
pillar-performance
vhvb1989
requested review from
RickWinter,
ahsonkhan,
antkmsft and
gearama
as code owners
…-for-cpp into insecure-cert-libcurl
| * @brief When `true`, allows an invalid certificate authority. If this flag is set, the | ||
| * application does not receive a WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA callback. | ||
| */ | ||
| bool IgnoreUnknownServerCert = false; |
There was a problem hiding this comment.
Should we avoid abbreviations and use IgnoreUnknownCertificateAuthority?
nit: What should the reader infer from server here in the name?
There was a problem hiding this comment.
In a TLS 1.2 connection, there are two possible certificates: The server certificate and the client certificate. The server validates the client certificate, and the client validates the server certificate. This variable controls the validation of the server certificate, so it makes sense to me that the variable name should probably include "Server", since there is some level of ambiguity present.
Having said that, the variable doesn't control if it ignores an unknown server certificate, instead as you mentioned, the flag controls if an unknown CA should be allowed, which is somewhat different (a server certificate could be invalid if (for instance) the subject didn't match the IP address of the server - this flag doesn't disable that check).
3 participants
fixes: #1554
fixes: #2266
Make performance framework to set up the transport adapter to do insecure SSL (not validating peer cert).
Adding support for winHTTP to perform insecure requests (ignore unknown server certificate).
How to use:
Add parameter
--insecurewhen running performance tests.This is util for using an https proxy with a custom certificate