Make sure the mirrors HTTPS certificate are actually valid. ๐ผ
I think LuaSEC is doing the correct thing now, but I should double check that.
reported=2019-09-10 05:33:15
reporter=onefang
priority=normal
category=TODO
severity=feature
resolution=reopened
2019-11-12 15:39:05 onefang: I switched the checks to use command line curl, which includes an option to print "The result of the SSL peer certificate verification that was requested.", so I'm using that.
2019-11-23 13:02:39 onefang: beerbelott: https://ec.haxx.se/usingcurl-connections.html
beerbelott: It seems to explain the differences between --resolve & --connect-to
beerbelott: For our use-case they seem equivalent
Beerbelott spent some time trying to convince me to switch from --connect-to to --resolve, on the basis that it's less letters. ย I'm currently sticking with --connect-to as it's the only one documented to deal with SNI. ย And it seems to work.
2019-12-26 02:42:43 onefang: First of all https://ec.haxx.se/usingcurl-connections.html redirects to the top page of the entire book, which is split into "page per paragraph" nonsense, with no sign of a all on one page so you can search it, and even it's own links to other versions all redirect back to the top. ย So I had to download the source to search it.
In that book the use case for --connect-to is exactly our use case, probing specific hosts behind a common name / redirects.
2019-12-26 02:43:22 onefang: I'm fairly certain this is resolved.