Support for ignoring certificate errors from upstream DNS servers #7086
Comments
Could you please elaborate on what you are trying to achieve? Using secured SSL/TLS endpoints with the proper domain and checking that everything makes sense is actually the point to ensure nobody is "on the wire ..."
I deployed adguardhome in my Windows 7 VM, I set up the upstream servers for tls:/8.8.4.4 and tls:/1.1.1.1, and found that there were a lot of certificate validation errors. Using the IE browser (because it uses the schannel component that comes with the system) to access https://1.1.1.1, the prompts for certificate errors are consistent with those of adguardhome, and I'm wondering if I can skip the certificate errors and query them directly.
Why don't you just set up the upstream servers as:
So the certificates are actually validated?
Sometimes even when using
The certificate is verified and if it's set to a domain name it's fine, but I'd like to reduce the time it takes to query the encrypted DNS domain for the first time and also reduce the information leakage because of the SNI.
Maybe there are some issues with processing the certificates?
I have no idea. It just often/always gives bad certificate when using cloudflare wrap.
Prerequisites
I have checked the Wiki and Discussions and found no answer
I have searched other issues and found no duplicates
I want to request a feature or enhancement and not ask a question
The problem
When running adguardhome on Windows 7/8.1 and configuring the upstream dns as DOH and DOT of IP type, the certificate validity cannot be verified properly.
Proposed solution
Ignore SSL certificate checking or use non-systematic SSL certificate validity checking like Firefox
Alternatives considered and additional information
No response
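The second option in the proposed solution (validating against a root set other than the operating system's) is sketched here as an added example, not AdGuard Home's own code: Go's standard `crypto/x509` is given an explicit root pool, and the certificate is a constructed self-signed one for the documentation address 192.0.2.53. `newIPCert` and `verifyUpstream` are hypothetical helpers; verification stays on, so a wrong address or an untrusted issuer is still rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newIPCert builds a constructed self-signed certificate with an IP SAN.
func newIPCert(ip string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		IPAddresses:  []net.IP{net.ParseIP(ip)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyUpstream checks cert for addr; a non-nil Roots selects Go's own verifier.
func verifyUpstream(cert *x509.Certificate, addr string, trusted ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: addr})
	return err
}

func main() {
	cert, err := newIPCert("192.0.2.53") // constructed address (TEST-NET-1)
	if err != nil {
		panic(err)
	}
	fmt.Println(verifyUpstream(cert, "192.0.2.53", cert)) // trusted root, IP SAN matches
	fmt.Println(verifyUpstream(cert, "192.0.2.54", cert)) // IP SAN mismatch
	fmt.Println(verifyUpstream(cert, "192.0.2.53"))       // no trusted root
}
```

An IP-addressed upstream passes only when its certificate lists that IP in the subject alternative name and chains to a root in the supplied pool.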