Conversation

Notices

1.  (mint@ryona.agency)'s status on Tuesday, 02-Jul-2024 07:53:43 JST 

   in reply to

   • menherahair
   • this ad CAN be blocked, bitch

   @kirby @menherahair The easiest path is to just disable the certificate check entirely. I've been trying to drop the custom CA to both system and certifi's store, and it never worked.

   config :pleroma, :http, adapter: [ ssl_options: [ verify: :verify_none ] ]
   • this ad CAN be blocked, bitch (kirby@lab.nyanide.com)'s status on Tuesday, 02-Jul-2024 07:53:44 JST this ad CAN be blocked, bitch

     in reply to

     • menherahair
     • this ad CAN be blocked, bitch
     @menherahair cc @mint i think you'd know more than me about using custom ca with pleroma
   • this ad CAN be blocked, bitch (kirby@lab.nyanide.com)'s status on Tuesday, 02-Jul-2024 07:53:45 JST this ad CAN be blocked, bitch

     in reply to

     • menherahair
     @menherahair haha, i have the custom ca installed throughout the entire system here. apparently the people behind this fucking tls library used a hardcoded list of ca authorities to verify certs. im crying
   • this ad CAN be blocked, bitch (kirby@lab.nyanide.com)'s status on Tuesday, 02-Jul-2024 07:53:46 JST this ad CAN be blocked, bitch

     in reply to

     • menherahair
     @menherahair what
   • menherahair (menherahair@eientei.org)'s status on Tuesday, 02-Jul-2024 07:53:46 JST menherahair

     in reply to

     • this ad CAN be blocked, bitch
     @kirby run pleromer in chroot, install custom ca there
   • this ad CAN be blocked, bitch (kirby@lab.nyanide.com)'s status on Tuesday, 02-Jul-2024 07:53:48 JST this ad CAN be blocked, bitch

     in reply to

     • this ad CAN be blocked, bitch
     doesn't seem to be. i know nothing about elixir or hex so i'm basically working with magical runes here. not sure how im going to continue
   • menherahair (menherahair@eientei.org)'s status on Tuesday, 02-Jul-2024 07:53:48 JST menherahair

     in reply to

     • this ad CAN be blocked, bitch
     @kirby chroot and bind mount like a man
   • this ad CAN be blocked, bitch (kirby@lab.nyanide.com)'s status on Tuesday, 02-Jul-2024 07:53:49 JST this ad CAN be blocked, bitch

     in reply to

     • this ad CAN be blocked, bitch
     well not even that works for some reason, is this a deliberate design choice?
   • this ad CAN be blocked, bitch (kirby@lab.nyanide.com)'s status on Tuesday, 02-Jul-2024 07:53:50 JST this ad CAN be blocked, bitch
     turns out the ssl library in elixir is really weird. there's this documented environment variable called HEX_CACERTS_PATH that lets you specify a custom ca authority but it doesn't seem to work with pleroma
     
     oh well, unsafe https will have to do