> On 4. Aug 2022, at 01:32, Tatsuki Makino <tatsuki_mak...@hotmail.com> wrote:
>
> I looked into this wondering why the poudriere is not blocking the
> propagation of the value, but the poudriere is not being affected by the
> value.
> Then, I think that is the reason why we are not getting the results we need :)
>
> Of course, a better solution would be to set up the verification so that it
> does not need to be bypassed.
>
> Regards
The requester might also use a letsencrypt issued cert (using dns01 in case the
site it isn’t available publicly).
In theory, a self-signed cert can be more secure if you pin it, but since their
approach was ignoring cert verification completely, this level of security
probably isn’t what they were going for.
Cheers
Michael
> .
>
> Michael Gmelin wrote on 2022/08/04 07:58:
>>> Thanks, I simply copy and pasted what the requester used (assuming they
>>> already tested that exact value outside of poudriere), since my response
>>> was about the mechanics of how to get that variable in and not its name.
>>>
>> p.s. I also agree that adding the self signed cert to the trust bundle is
>> preferable to just not checking ssl at all. Git allows configuring these
>> setting per domain by the way. I learned today that there is a service
>> called badssl.com, which provides a couple of subdomains to simulate various
>> error scenarios, which is quite useful when testing.
>
