Incomplete certificate chain
TjeuKayim opened this issue · comments
This link checker fails if the server's certificate chain is incomplete.
For example, https://incomplete-chain.badssl.com/ will throw: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1924: (unable to get local issuer certificate)
.
Most browsers still accept this (AIA fetching).
Can mdbook-linkcheck get an option to ignore HTTPS certificates with incomplete chain? Maybe only for a whitelist of configured domains.
I guess we could use reqwest::ClientBuilder::danger_accept_invalid_certs()
to globally disable certificate validation when creating the HTTP client... But if the server on the other side has invalid certs most browsers will refuse to display the page, which is a pretty good definition for "broken link".
Can't you add the server to the exclude
section under [output.linkcheck]
?
I'm going to close this issue as Wont-Fix. If your website has bad certificates then I'd argue that it is broken, and should be reported as such.