TLS error when scanning an internal API
TmmmmmR opened this issue · comments
Describe the bug
I’m trying to integrate cherrybomb within our CI/CD but I faced the following a TLS error.
To Reproduce
Steps to reproduce the behavior:
cherrybomb oas --file swagger_docs.json -a 1 --format txt -v 2
ERROR: error sending request for url ([https://internal-api//v1/rates/](https://internal-api/v1/rates/)): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer
It’s an internal API of my company, and the certificate is already installed/trusted in my local machine (other installed tool, like curl, can access the same URL without any TLS error) and it's not self-signed certificate.
Expected behavior
The ability to trust pre installed certificate on the local machine, or just simply a setting parameter to ignore certificate check (which can be a bit dangerous).
Desktop (please complete the following information):
- OS: Linux LTPAR500977 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
- Version : v0.7.0
Additional context
I've installed cherrybomb using the cargo install cherrybomb
cmd.
Hey @TmmmmmR, Thank you for bringing this to our attention. a new CLI will soon be implemented which will include the --ignore-tls-errors
flag.
As for using the certificates trusted on the machine, we are looking into our implementation of the reqwest crate
We already solved I close this issue