Make self-check not validate self-signed certificates

By default, `--tags=self-check` no longer validates certificates when `matrix_ssl_retrieval_method` is set to `self-signed`. Besides this default, people can also enable/disable validation using the individual role variables manually. Fixes #124 (Github Issue)
2019-03-22 09:39:17 +02:00
parent 1939fc9113
commit 73af8f7bbb
11 changed files with 29 additions and 3 deletions
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml
@ -7,6 +7,7 @@
        purpose: Client Discovery
        cors: true
        follow_redirects: false
+        validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"

 - block:
    - set_fact:
@ -15,6 +16,7 @@
          purpose: Server Discovery
          cors: false
          follow_redirects: true
+          validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"

    - name: Determine domains that we require certificates for (mxisd)
      set_fact:
--- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
+++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
@ -11,6 +11,7 @@
    url: "{{ well_known_url_matrix }}"
    follow_redirects: false
    return_content: true
+    validate_certs: "{{ well_known_file_check.validate_certs }}"
  register: result_well_known_matrix
  ignore_errors: true

@ -37,6 +38,7 @@
    url: "{{ well_known_url_identity }}"
    follow_redirects: "{{ well_known_file_check.follow_redirects }}"
    return_content: true
+    validate_certs: "{{ well_known_file_check.validate_certs }}"
  register: result_well_known_identity
  ignore_errors: true