Certificate that doesn't go through the chain is not fatal, just send the warning over json.

2019-02-12 21:14:23 +03:00 · 2019-02-12 21:14:23 +03:00 · 57a33654f7
parent 30050bf278
commit 57a33654f7
2 changed files with 3 additions and 2 deletions
--- a/config.go
+++ b/config.go
@ -74,6 +74,7 @@ type tlsConfig struct {
 	StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
 	StatusKey         string `yaml:"status_key" json:"status_key,omitempty"`
 	Warning           string `yaml:"warning" json:"warning,omitempty"`
+	WarningValidation string `yaml:"warning_validation" json:"warning_validation,omitempty"`
 }

 // initialize to default values, will be changed later when reading config or parsing command line
--- a/control.go
+++ b/control.go
@ -1147,8 +1147,8 @@ func validateCertificates(data tlsConfig) (tlsConfig, error) {
 		mainCert := parsedCerts[0]
 		_, err := mainCert.Verify(opts)
 		if err != nil {
-			// TODO: let self-signed certs through
-			return data, errorx.Decorate(err, "Your certificate does not verify")
+			// let self-signed certs through
+			data.WarningValidation = fmt.Sprintf("Your certificate does not verify: %s", err)
 		}
 		// spew.Dump(chains)