Make self-check not validate self-signed certificates

By default, `--tags=self-check` no longer validates certificates when `matrix_ssl_retrieval_method` is set to `self-signed`. Besides this default, people can also enable/disable validation using the individual role variables manually. Fixes #124 (Github Issue)
2019-03-22 09:39:17 +02:00
parent 1939fc9113
commit 73af8f7bbb
11 changed files with 29 additions and 3 deletions
--- a/roles/matrix-mxisd/defaults/main.yml
+++ b/roles/matrix-mxisd/defaults/main.yml
@ -55,6 +55,9 @@ matrix_mxisd_threepid_medium_email_custom_session_validation_template: ""
 matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template: ""
 matrix_mxisd_threepid_medium_email_custom_matrixid_template: ""

+# Controls whether the self-check feature should validate SSL certificates.
+matrix_mxisd_self_check_validate_certificates: true
+
 # Default mxisd configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.
 #
--- a/roles/matrix-mxisd/tasks/self_check_mxisd.yml
+++ b/roles/matrix-mxisd/tasks/self_check_mxisd.yml
@ -7,6 +7,7 @@
  uri:
    url: "{{ mxisd_url_endpoint_public }}"
    follow_redirects: false
+    validate_certs: "{{ matrix_mxisd_self_check_validate_certificates }}"
  register: result_mxisd
  ignore_errors: true