fix(desktop): accept self-signed certs from configured external goosed host #8400
…d host

The certificate-error and setCertificateVerifyProc handlers only accepted self-signed certificates from localhost, making remote connection to an external goosed server impossible over HTTPS with its self-signed cert. Add isTrustedHost() that also trusts the user-configured externalGoosed host, so remote backends work without requiring a valid CA-signed cert.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b491b7b621
| if (!isTrustedHost(request.hostname)) { | ||
| callback(-3); | ||
| return; | ||
| } |
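Review bot: at the guard on isTrustedHost(request.hostname), the exemption is keyed on the requested hostname alone, which names the destination the client asked for and says nothing about who presented the certificate. For hosts that pass this guard, compare the presented certificate against a stored fingerprint and call callback(-2) on a mismatch, and add a short comment stating what callback(-3) means for the hosts rejected here.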
Preserve certificate validation for external backends
Extending the trust check to isTrustedHost() means external backends now enter this verifier path, but external mode never sets pinnedCertFingerprint (startGoosed returns certFingerprint: null for externalGoosed), so this branch calls callback(0) on every TLS handshake and disables certificate validation indefinitely for that host. In practice, any cert (expired, wrong chain, or MITM-presented) is accepted as long as the hostname matches the configured external URL, which is broader than “accept self-signed certs” and weakens transport security for remote connections.
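The pin-or-validate behaviour the review comment above asks for, as an added example that is not part of this pull request or the project's code. The function names and the policy shape are hypothetical, the return codes are those of Electron's setCertificateVerifyProc callback, and the "sha256/<base64>" fingerprint format is an assumption about Electron's certificate.fingerprint.

```javascript
// Added example; function names and the policy shape are hypothetical.
// Codes are those of Electron's setCertificateVerifyProc callback:
// 0 = accept, -2 = reject, -3 = use Chromium's own verification result.
const ACCEPT = 0, REJECT = -2, USE_CHROMIUM = -3;

// Normalize "sha256/<base64>" (assumed format of Electron's
// certificate.fingerprint) or colon-separated hex to lowercase hex.
function normalizeFingerprint(fp) {
  if (typeof fp !== 'string') return null;
  const hex = fp.startsWith('sha256/')
    ? Buffer.from(fp.slice(7), 'base64').toString('hex')
    : fp.replace(/:/g, '').toLowerCase();
  return /^[0-9a-f]{64}$/.test(hex) ? hex : null;
}

// policy.trustedHosts: Set of hostnames (localhost, configured external host)
// policy.pins: Map hostname -> SHA-256 fingerprint recorded for that host
function decideCertVerification(request, policy) {
  const host = String(request.hostname || '').toLowerCase();
  // Other hosts, and trusted hosts without a pin, get normal validation:
  // a CA-signed cert still works, a self-signed one fails until pinned.
  if (!policy.trustedHosts.has(host) || !policy.pins.has(host)) {
    return USE_CHROMIUM;
  }
  const pinned = normalizeFingerprint(policy.pins.get(host));
  const cert = request.certificate || {};
  const presented = normalizeFingerprint(cert.fingerprint);
  // Fail closed on a malformed pin or a missing/mismatched fingerprint.
  if (!pinned || !presented) return REJECT;
  return pinned === presented ? ACCEPT : REJECT;
}

// Constructed sample values (not real certificates or hosts).
const SAMPLE_HEX = 'ab'.repeat(32);
const SAMPLE_FP = 'sha256/' + Buffer.from(SAMPLE_HEX, 'hex').toString('base64');
const samplePolicy = {
  trustedHosts: new Set(['localhost', 'goosed.example.internal']),
  pins: new Map([['goosed.example.internal', SAMPLE_HEX]]),
};
console.log(decideCertVerification(
  { hostname: 'goosed.example.internal', certificate: { fingerprint: SAMPLE_FP } },
  samplePolicy));
```

In a verify handler the returned code would be passed straight to callback(...), so a trusted host never reaches an unconditional callback(0).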
Summary
- certificate-error and setCertificateVerifyProc handlers in main.ts only accepted self-signed certificates from localhost, rejecting all other hosts
- isTrustedHost() that also trusts the user-configured externalGoosed host, so remote backends work with self-signed certs

Test plan
- GOOSE_SERVER__SECRET_KEY
- https://<remote-host>:<port> with the secret key

fixes #8376