Make sure the mirrors HTTPS certificate are actually valid. 🔼

I think LuaSEC is doing the correct thing now, but I should double check that.

reported=2019-09-10 05:33:15

reporter=onefang

priority=normal

category=TODO

severity=feature

resolution=reopened

2019-11-12 15:39:05 onefang: I switched the checks to use command line curl, which includes an option to print "The result of the SSL peer certificate verification that was requested.", so I'm using that.

2019-11-23 13:02:39 onefang: beerbelott: https://ec.haxx.se/usingcurl-connections.html

beerbelott: It seems to explain the differences between --resolve & --connect-to

beerbelott: For our use-case they seem equivalent

Beerbelott spent some time trying to convince me to switch from --connect-to to --resolve, on the basis that it's less letters.  I'm currently sticking with --connect-to as it's the only one documented to deal with SNI.  And it seems to work.

2019-12-26 02:42:43 onefang: First of all https://ec.haxx.se/usingcurl-connections.html redirects to the top page of the entire book, which is split into "page per paragraph" nonsense, with no sign of a all on one page so you can search it, and even it's own links to other versions all redirect back to the top.  So I had to download the source to search it.

In that book the use case for --connect-to is exactly our use case, probing specific hosts behind a common name / redirects.