remove insecure testing code
@@ -39,26 +39,11 @@ impl GurtCAClient {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn new_insecure(ca_url: String) -> Result<Self> {
|
|
||||||
println!("⚠️ WARNING: Using insecure mode - TLS certificates will not be verified!");
|
|
||||||
println!("⚠️ This should only be used for bootstrapping or testing purposes.");
|
|
||||||
|
|
||||||
// For now, just use default client - we'd need to add insecure support to GURT library
|
|
||||||
let gurt_client = GurtClient::new();
|
|
||||||
|
|
||||||
Ok(Self {
|
|
||||||
ca_url,
|
|
||||||
gurt_client,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
pub async fn new_with_ca_discovery(ca_url: String) -> Result<Self> {
|
pub async fn new_with_ca_discovery(ca_url: String) -> Result<Self> {
|
||||||
println!("🔍 Attempting to connect with system CA trust store...");
|
println!("🔍 Attempting to connect with system CA trust store...");
|
||||||
|
|
||||||
// Try default connection first - might work if server uses publicly trusted cert
|
|
||||||
let test_client = Self::new(ca_url.clone())?;
|
let test_client = Self::new(ca_url.clone())?;
|
||||||
|
|
||||||
// Test connection to see if it works
|
|
||||||
match test_client.test_connection().await {
|
match test_client.test_connection().await {
|
||||||
Ok(_) => {
|
Ok(_) => {
|
||||||
println!("✅ Connection successful with system CA trust store");
|
println!("✅ Connection successful with system CA trust store");
|
||||||
@@ -66,11 +51,6 @@ impl GurtCAClient {
|
|||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
if e.to_string().contains("UnknownIssuer") {
|
if e.to_string().contains("UnknownIssuer") {
|
||||||
println!("❌ Server uses custom CA certificate not in system trust store");
|
|
||||||
println!("💡 Solutions:");
|
|
||||||
println!(" 1. Ask server admin to provide CA certificate");
|
|
||||||
println!(" 2. Use --insecure flag for testing (not recommended)");
|
|
||||||
println!(" 3. Install server's CA certificate in system trust store");
|
|
||||||
anyhow::bail!("Custom CA certificate required - server not trusted by system")
|
anyhow::bail!("Custom CA certificate required - server not trusted by system")
|
||||||
} else {
|
} else {
|
||||||
return Err(e);
|
return Err(e);
|
||||||
|
|||||||
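Review bot: The `UnknownIssuer` branch of new_with_ca_discovery now fails with only "Custom CA certificate required - server not trusted by system", because the two safe remediation hints (get the CA certificate from the server admin, install it in the system trust store) were deleted along with the `--insecure` hint. An operator who hits this has no documented way forward, so I would keep the safe guidance in the error itself, e.g. `anyhow::bail!("Custom CA certificate required - server not trusted by system; obtain the server's CA certificate from its admin and install it in the system trust store")`. The branch is still selected by `e.to_string().contains("UnknownIssuer")`, which depends on the error's display text. Other verification failures fall through to `return Err(e)` and so still fail closed, but matching on a typed error would be sturdier if the GURT client exposes one. The new side also drops the two comments explaining the probe (`// Try default connection first ...`, `// Test connection to see if it works`), and the function body continues outside these hunks.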
@@ -14,9 +14,6 @@ struct Cli {
|
|||||||
|
|
||||||
#[arg(long, default_value = "gurt://localhost:8877")]
|
#[arg(long, default_value = "gurt://localhost:8877")]
|
||||||
ca_url: String,
|
ca_url: String,
|
||||||
|
|
||||||
#[arg(long, help = "Skip TLS certificate verification (insecure, for bootstrapping only)")]
|
|
||||||
insecure: bool,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Subcommand)]
|
#[derive(Subcommand)]
|
||||||
@@ -37,11 +34,7 @@ enum Commands {
|
|||||||
async fn main() -> Result<()> {
|
async fn main() -> Result<()> {
|
||||||
let cli = Cli::parse();
|
let cli = Cli::parse();
|
||||||
|
|
||||||
let client = if cli.insecure {
|
let client = client::GurtCAClient::new_with_ca_discovery(cli.ca_url).await?
|
||||||
client::GurtCAClient::new_insecure(cli.ca_url)?
|
|
||||||
} else {
|
|
||||||
client::GurtCAClient::new_with_ca_discovery(cli.ca_url).await?
|
|
||||||
};
|
|
||||||
|
|
||||||
match cli.command {
|
match cli.command {
|
||||||
Commands::Request { domain, output } => {
|
Commands::Request { domain, output } => {
|
||||||
|
|||||||
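Review bot: The replacement line in main, `let client = client::GurtCAClient::new_with_ca_discovery(cli.ca_url).await?`, is shown without a terminating semicolon and is followed by `match cli.command {`. If the file really reads that way and this is not a rendering loss, main will not parse; it should be `let client = client::GurtCAClient::new_with_ca_discovery(cli.ca_url).await?;`. With the `insecure` field gone from `Cli`, an invocation that still passes `--insecure` should be rejected at argument parsing, which is the fail-closed outcome, so it is worth noting in the changelog for anyone who scripted the flag. main's body continues outside the hunk.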