Add ability to disable SSL verification completely

[andrewvc]

Unfortunately :verify doesn't really skip all checks like curl -k does.

It'd be great to be able to have curl -k like behavior (Just get the data, ignore all SSL issues).

I don't see a way to do this as a user because configuring the connection factory a-la http://stackoverflow.com/questions/2703161/how-to-ignore-ssl-certificate-errors-in-apache-httpclient-4-0 isn't possible. It'd be great to add in a feature whereby that could be done. I'll try to submit a PR soon.

[andrewvc]

This also goes to #52

[Yaiba782]

Hello hello
Is there any news about the ssl certificate validation option ?
How can I disable it ?

[yoavsradware]

hey all , is there something new ?

[rsk0]

Hate to me-too, but I'd love to have this functionality. (And exposed via http_poller.)

[cheald]

Oh man, I keep meaning to get to this, but I've just had zero bandwidth lately. If anyone wants to take a stab at this, I'd love to accept a PR. Otherwise, I'll try to get to it soon!

[cheald]

Can someone provide a test case that illustrates which issues we're trying to solve here? I'm having a hard time generating a spec which causes Manticore's behavior to break.

[ralph-tice]

try an expired certificate, or one without a hostname specified

[cheald]

Expired cert doesn't cause any problems on Ubuntu 18.04. I still can't find a way to repro this one :(

[moataz-py]

Hello I have modified multicore client file to make the default action is ALLOW ALL
I know it's not clean but I am not ruby developer to make it clean
it solved host name check in SSL certificate issue
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.7.0-java/lib/manticore/client.rb

[111andre111]

Seems like these 2 PRs count into that direction meanwhile, would this already close this issue:
#99
#100

[kares]

verify: :disabled has been revised to ignore verification completely (#100 and #101),
the (legacy) verify: false case keeps working as before - still does a hostname check.