🚀 Feature Request: Allow arbitrary unauthorized self-signed certificates

Open skaldebane opened this issue 1 year ago • 2 comments

Describe the solution

Hi there! Not sure if this should be a bug or a feature request, but here's my need:

I'm trying to build a Gemini proxy (an HTTP proxy for the Gemini protocol). More info about Gemini is here: https://geminiprotocol.net, but it's similar to Gopher, and I've been able to use the same sample code for Gopher (in the TCP documentation) with few changes.

The main difference between them, however, is that Gemini enforces the use of TLS, not through CAs but through self-signed certificates (on the server side). This means that building a proxy requires that I accept any valid certificate, without checking it against a CA.

Yes, that allows MITM attacks and such, but this is the way Gemini is designed. For now, I get this error:

✘ [ERROR] workerd/jsg/util.c++:276: error: e = kj/compat/tls.c++:221: failed: TLS peer's certificate is not trusted; reason = self signed certificate

But I can't seem to find a way to basically skip certificate checks. In Node.js this can be done using the NODE_TLS_REJECT_UNAUTHORIZED=0 env var, but it doesn't work in Workers.

Thanks in advance.

skaldebane, Aug 15 '24 15:08
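
The post above notes that accepting any certificate allows MITM. Gemini clients commonly narrow that risk with trust-on-first-use (TOFU) pinning: remember the certificate fingerprint seen on first contact and refuse a different one later. The code below is an added example, not code from this issue, the linked repository or workerd; `TofuStore`, its return values and the rotate-after-expiry policy are assumptions, and it presumes the runtime exposes the peer certificate's SHA-256 fingerprint and expiry.

```javascript
// Added example: trust-on-first-use (TOFU) pinning for self-signed certs.
// TofuStore, verify() and its return strings are hypothetical names, and
// rotate-after-expiry is this example's policy; none of it is a workerd API.
class TofuStore {
  constructor() {
    this.pins = new Map(); // "host:port" -> { fingerprint, notAfter }
  }

  // Accept "AB:CD:.." or "abcd.." SHA-256 hex forms and compare them alike.
  static normalize(fingerprint) {
    const hex = String(fingerprint).replace(/:/g, '').toLowerCase();
    if (!/^[0-9a-f]{64}$/.test(hex)) {
      throw new Error('expected a SHA-256 fingerprint (64 hex digits)');
    }
    return hex;
  }

  // Decide whether the presented certificate may be used for host:port.
  // notAfter = certificate expiry, now = current time (both ms since epoch).
  verify(host, port, fingerprint, notAfter, now = Date.now()) {
    const key = `${host.toLowerCase()}:${port}`;
    const presented = TofuStore.normalize(fingerprint);
    if (notAfter <= now) return 'reject-expired';

    const pin = this.pins.get(key);
    if (!pin) {
      this.pins.set(key, { fingerprint: presented, notAfter });
      return 'trust-first-use';
    }
    if (pin.fingerprint === presented) return 'trust-pinned';
    // A different certificate is accepted only after the pinned one has
    // expired; before that, a change is treated as possible interception.
    if (pin.notAfter <= now) {
      this.pins.set(key, { fingerprint: presented, notAfter });
      return 'trust-rotated';
    }
    return 'reject-mismatch';
  }
}

// Constructed sample: two fingerprints for one capsule on Gemini's port 1965.
function demo() {
  const store = new TofuStore();
  const certA = 'ab'.repeat(32), certB = 'cd'.repeat(32);
  return [
    store.verify('capsule.example', 1965, certA, 2000, 1000), // first contact
    store.verify('capsule.example', 1965, certB, 5000, 1500), // swapped early
    store.verify('capsule.example', 1965, certB, 5000, 2500), // after expiry
  ];
}
```

A `reject-mismatch` result is the case a blanket "skip certificate checks" switch would silently accept.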

Here's the repository, just in case: https://github.com/Skaldebane/gemini-proxy-worker

skaldebane, Aug 15 '24 15:08

Also need this feature

makhil006, Aug 23 '24 14:08