fix(dgw): set default value of TlsVerifyStrict to false #1419
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, strict TLS verification was performed even when the TlsVerifyStrict key was absent from the configuration file. From now on, if this key is missing, it will default to "TlsVerifyStrict": false. This change ensures that existing users who are currently using improper certificates will not be affected. At the same time, newly generated configuration files will continue to include "TlsVerifyStrict": true by default, encouraging using proper certificates from the start. New users can still opt out of strict verification by explicitly setting the value to false or removing the key entirely if they are willing to accept potential compatibility issues with some clients, such as Chrome or macOS.
thenextman
approved these changes
Jul 10, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously, strict TLS verification was performed even when the TlsVerifyStrict key was absent from the configuration file.
From now on, if this key is missing, it will default to "TlsVerifyStrict": false.
This change ensures that existing users who are currently using improper certificates will not be affected. At the same time, newly generated configuration files will continue to include "TlsVerifyStrict": true by default, encouraging using proper certificates from the start.
New users can still opt out of strict verification by explicitly setting the value to false or removing the key entirely if they are willing to accept potential compatibility issues with some clients, such as Chrome or macOS.
A warning will be logged if the option is disabled as it may hide latent issues.
Hopefully, this lead the user to enable the option, and fix the underlying certificate issue if necessary.