@christian-leingang

Problem: the updater fails when contacting servers with self-signed or internal TLS certs, and the error message is generic.

Solution: add two plugin config flags dangerousAcceptInvalidCerts and dangerousAcceptInvalidHostnames and builder methods to override them. These mirror http-plugin and reqwest's danger_accept_invalid_certs and danger_accept_invalid_hostnames.

Security: these settings are dangerous and should only be used in trusted environments or testing.
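A release-pipeline check for the two flags named in the description above, as an added example that is not part of the PR or the plugin's code. It assumes the flags sit under `plugins.updater` in `tauri.conf.json`; the sample configs and the endpoint URL are constructed.

```python
import json
import sys

# Flag names are taken from the PR description. Their location under
# plugins.updater in tauri.conf.json is an assumption of this example.
DANGEROUS_FLAGS = ("dangerousAcceptInvalidCerts", "dangerousAcceptInvalidHostnames")

# Constructed sample configs (endpoint URL is a placeholder).
LAB_CONFIG = """{"plugins": {"updater": {
  "endpoints": ["https://updates.example.internal/latest.json"],
  "dangerousAcceptInvalidCerts": true,
  "dangerousAcceptInvalidHostnames": "false"}}}"""
RELEASE_CONFIG = """{"plugins": {"updater": {
  "endpoints": ["https://updates.example.internal/latest.json"]}}}"""


def audit_updater_config(config_text):
    """Return one finding per TLS-validation override found in the config."""
    config = json.loads(config_text)
    plugins = config.get("plugins") if isinstance(config, dict) else None
    updater = plugins.get("updater") if isinstance(plugins, dict) else None
    if not isinstance(updater, dict):
        return []  # no updater section, nothing to override
    findings = []
    for flag in DANGEROUS_FLAGS:
        value = updater.get(flag, False)
        if value is True:
            findings.append(f"plugins.updater.{flag} is enabled")
        elif value is not False:
            # Report non-booleans as well, so a quoted "false" or a 1 is
            # reviewed by a person instead of being silently interpreted.
            findings.append(f"plugins.updater.{flag} has non-boolean value {value!r}")
    return findings


if __name__ == "__main__":
    # Usage: python audit_updater.py path/to/tauri.conf.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else LAB_CONFIG
    problems = audit_updater_config(text)
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

Values set through the builder methods mentioned in the description are not visible to a config-file check and need their own review of the application code.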

@christian-leingang christian-leingang requested a review from a team as a code owner October 23, 2025 14:02
@github-actions
Contributor

github-actions bot commented Oct 24, 2025

Package Changes Through fce85ba

There are 26 changes which include barcode-scanner with patch, barcode-scanner-js with patch, biometric with patch, biometric-js with patch, clipboard-manager with patch, clipboard-manager-js with patch, deep-link with patch, deep-link-js with patch, dialog with patch, dialog-js with patch, fs with patch, fs-js with patch, geolocation with patch, geolocation-js with patch, haptics with patch, haptics-js with patch, nfc with patch, nfc-js with patch, notification with patch, notification-js with patch, opener with patch, opener-js with patch, shell with patch, shell-js with patch, updater with minor, updater-js with minor

Planned Package Versions

The following package releases are planned based on the context of changes in this pull request.

| package | current | next |
| --- | --- | --- |
| api-example | 2.0.36 | 2.0.37 |
| api-example-js | 2.0.32 | 2.0.33 |
| deep-link-example-js | 2.2.6 | 2.2.7 |
| barcode-scanner | 2.4.0 | 2.4.1 |
| barcode-scanner-js | 2.4.0 | 2.4.1 |
| biometric | 2.3.0 | 2.3.1 |
| biometric-js | 2.3.0 | 2.3.1 |
| clipboard-manager | 2.3.0 | 2.3.1 |
| clipboard-manager-js | 2.3.0 | 2.3.1 |
| deep-link | 2.4.3 | 2.4.4 |
| deep-link-js | 2.4.3 | 2.4.4 |
| fs | 2.4.2 | 2.4.3 |
| fs-js | 2.4.2 | 2.4.3 |
| dialog | 2.4.0 | 2.4.1 |
| dialog-js | 2.4.0 | 2.4.1 |
| geolocation | 2.3.0 | 2.3.1 |
| geolocation-js | 2.3.0 | 2.3.1 |
| opener | 2.5.0 | 2.5.1 |
| opener-js | 2.5.0 | 2.5.1 |
| haptics | 2.3.0 | 2.3.1 |
| haptics-js | 2.3.0 | 2.3.1 |
| http | 2.5.2 | 2.5.3 |
| http-js | 2.5.2 | 2.5.3 |
| nfc | 2.3.1 | 2.3.2 |
| nfc-js | 2.3.1 | 2.3.2 |
| notification | 2.3.1 | 2.3.2 |
| notification-js | 2.3.1 | 2.3.2 |
| persisted-scope | 2.3.2 | 2.3.3 |
| shell | 2.3.1 | 2.3.2 |
| shell-js | 2.3.1 | 2.3.2 |
| single-instance | 2.3.4 | 2.3.5 |
| updater | 2.9.0 | 2.10.0 |
| updater-js | 2.9.0 | 2.10.0 |

Add another change file through the GitHub UI by following this link.


Read about change files or the docs at github.com/jbolda/covector

@christian-leingang
Author

Would resolve the error (Issue 2579) caused by strict TLS certificate validation.

@FabianLars
Member

Thanks for the PR! would you mind adding a small changefile as well? There are some examples in the .changes dir :)

@FabianLars
Member

argh, i just noticed that we export the Config struct which means that this is a breaking change........

Before thinking about alternative implementations, let us wait a few days and see how the discussions about an early v3 release we're currently having go.

Member

@FabianLars FabianLars left a comment

.

@christian-leingang
Author

Thanks, I understand. I’ll wait for the v3 discussion and follow whatever the outcome is. If you prefer not to introduce a breaking change now, I can revert the Config edits and keep the functionality available only via the UpdaterBuilder (which should be non-breaking). Tell me which you’d like and I’ll update the PR accordingly.

@FabianLars
Member

yeah, give us a few days to see if the v3 discussion is going anywhere. The UpdaterBuilder idea would be a good alternative indeed though a bit unfortunate that we'd then have 2 places for dangerous settings.
