-
Notifications
You must be signed in to change notification settings - Fork 701
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require Trusting CA when securing sites #1488
Conversation
Logic seems sound to me. |
Thanks @adrum |
@adrum This is a pretty edge-case-y thing. I'll likely merge it anyway because the code isn't that complex, but is this really something we expect users to have to deal with? What's a practical situation in which someone is manually deleting the CA, and then also choosing not to trust the CA? |
I should've said: Thanks so much for the fix! Because it is an improvement to the flow, and doesn't overly complicate the code, I'm gonna merge it even though I don't know whether I expect this to really be a common experience. Thanks so much! |
Just a small note: when one use the 'trust' option of Valet, one is not asked to confirm the creation of certificates
In my case I'm not asked for any password when securing a local site |
@mattstauffer I agree with you that this is an edge case. I recall when implementing #1463 my CA was not trusted in my machine, so I'm guessing it was due to an older version of Valet when I first set up my machine that never trusted it? Or I manually removed it, but I cannot verify that. (Nor does it matter, aside from there might be others out there without a trusted CA). At the very least, it will help ensure those without a trusted CA will at least experience an error with a description of how to recover if they skip the Keychain Access GUI prompt. |
@adrum Totally makes sense. Thanks again for the PR!! |
When trying to reproduce #1487, I was able to get a Site in this state by following these steps:
valet install
This PR aims to prevent this state by doing the following:
secure
command, moves thecreateCa
invocation above theunsecure
command to prevent the old site's certificates from being removed if the Trust CA command is canceled. This prevents the site from being in an unpredictable state. If the command fails, it should leave the site alone. Otherwise, the site will be unsecured unexpectedly.cc @driesvints