Add option to excuse domain from `--require-https` about lychee HOT 17 CLOSED

I'm running v0.11.1, fwiw.

So... should I close this issue and open a new issue for that?

from lychee.

that's a server configuration issue i believe you should address it directly, not ignore it.

from lychee.

@lebensterben - Linking to someone else's domain. I'd love to fix their website for them, but unfortunately I'm not that good of a hacker yet! 😂

Also, --require-https appears to be recommending I use https for e.g. this link even though it gives an invalid cert error over https...

from lychee.

both http://www.palitext.com/JPTS_scans/JPTS_2007_XXIX.pdf and https://www.palitext.com/JPTS_scans/JPTS_2007_XXIX.pdf are 404 so i don't understand why would it tell you to use https.

from lychee.

we currently group results by their status, success, failure, timeout, ignored, etc.

I now think we should instead group them by levels such as

• Info: Success, ignored
• Warn: Not using HTTPS, not wrapping URL in angle bracket in Markdown file (this is not implemented)
• Error: Failure, timeout

from lychee.

Oh, I'm sorry. The real link was the home page: http://www.palitext.com/ which is a redirect. In my browser at least, the https version gives a cert error. This was the link it told me to make HTTPS

from lychee.

In my browser at least

something wrong with your browser

from lychee.

Oh? The https version works fine in your browser? No CERT_NAME error? Anyway, that's a different bug anyway. This task is for excluding domains from https enforcement 😁

from lychee.

I object this proposal because it will make CLI options very complicated.

Instead I proposed #960 (comment) so that this becomes a warning instead of an error for CI.

from lychee.

https://www.palitext.com/ produces a cert error for me as well.
Don't want to add a CLI option for it, because it's quite a special case.
You could run lychee twice:

lychee --require-https --exclude palitext.com ...
lychee --exclude .* --include palitext.com ...

It's a little tedious, but it has the effect you want I guess.

from lychee.

produces a cert error for me as well

Ah good! As well it should. @lebensterben, you may want to check your security settings!

You could run lychee twice:

Ah, good idea. Since this is possible with the flags as is you may close this if you like 🙂

Should I open a new Issue for the Cert Error thing?

from lychee.

@buddhist-uni

I don't think my security settings is wrong... I'm testing on ios

from lychee.

Should I open a new Issue for the Cert Error thing?

What is the output you're getting?

I tried this and it looks reasonable:

echo 'https://www.palitext.com/JPTS_scans/JPTS_2007_XXIX.pdf' | lychee --require-https -                                                                                                                                                       ✘
Issues found in 1 input. Find details below.

[stdin]:
✗ [ERR] https://www.palitext.com/JPTS_scans/JPTS_2007_XXIX.pdf | Failed: Network error: The certificate was not trusted.

🔍 1 Total ✅ 0 OK 🚫 1 Error (HTTP:1)

from lychee.

Even though the https certificate is invalid (wrong domain name), Lychee thinks it's fine:

echo 'https://www.palitext.com' | lychee --require-https -
⠚ 1/1 ETA 0s ████████████████████ ✔ [200] 
🔍 1 Total ✅ 1 OK 🚫 0 Errors

Shouldn't that be an error?

Compare to the output by curl:

curl -I https://www.palitext.com

curl: (60) SSL: no alternative certificate subject name matches target host name 'www.palitext.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

from lychee.

Strange, I'm getting the expected error:

echo 'https://www.palitext.com' | lychee --require-https -                                                                                                                                                                                     ✘
Issues found in 1 input. Find details below.

[stdin]:
✗ [ERR] https://www.palitext.com/ | Failed: Network error: The certificate was not trusted.

🔍 1 Total ✅ 0 OK 🚫 1 Error (HTTP:1)

...even without --require-https:

echo 'https://www.palitext.com' | lychee -                                                                                                                                                                                                     ✘
Issues found in 1 input. Find details below.

[stdin]:
✗ [ERR] https://www.palitext.com/ | Failed: Network error: The certificate was not trusted.

🔍 1 Total ✅ 0 OK 🚫 1 Error (HTTP:1)

from lychee.

Openned #966 for the SSL issue 😊

from lychee.

So... should I close this issue and open a new issue for that?

Yup, let's move the discussion over to #966. Thanks!

from lychee.