goldfinger
Retry to use http when OpenSSL::SSL::SSLError raises
We are using http for a Mastodon instance inside the company, but when the instance opens port 443 or uses a port other than 80, the goldfinger library fails to fetch the webfinger because of an SSLError. Could you retry with http when OpenSSL::SSL::SSLError is raised?
I am not sure if this is a safe change. If there is no SSL, that's one thing, but SSLError could also be because the certificate is unverified, which might be a MITM attack - in which case falling back to http is not wise.
Thank you for the comment. I believe there is no module that is aware of the difference between Goldfinger::NotFoundError and Goldfinger::SSLError. And temporary downtime of the instance also causes HTTPError, so we should treat these errors the same. Moreover, if the instance is redirecting the http port to the https port, there is no MITM threat, and I think most public instances are using redirection.
I just updated to retry with http only when the LOCAL_HTTPS setting is not true.
I am working on a federation test suite and want to implement Mastodon as well. Since all federation tests happen in a Docker environment, using SSL is a bit too much overhead.
I am also interested in using LOCAL_HTTPS as an SSL switch :+1:
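
The trade-off discussed in this thread (an SSLError can mean "no TLS on that port" or "the certificate did not verify") can be written as a fetch policy. This is an added Ruby example, not code from the pull request or from Goldfinger. The class, the injected `fetch` callable, the sample error strings, matching on OpenSSL's message text, and requiring LOCAL_HTTPS to be exactly `false` are all assumptions.

```ruby
require 'openssl'
require 'uri'

# Added illustration, not Goldfinger's code. `fetch` is a hypothetical injected
# callable (url -> body) so the downgrade policy can be exercised offline.
class WebfingerFetchPolicy
  Result = Struct.new(:scheme, :body)

  # Stricter than "LOCAL_HTTPS is not true": an unset variable keeps HTTPS-only.
  def self.fallback_allowed?(env)
    env.fetch('LOCAL_HTTPS', 'true') == 'false'
  end

  def initialize(fetch:, allow_http_fallback: false)
    @fetch = fetch
    @allow_http_fallback = allow_http_fallback
  end

  def call(domain, resource)
    path = "/.well-known/webfinger?resource=#{URI.encode_www_form_component(resource)}"
    Result.new('https', @fetch.call("https://#{domain}#{path}"))
  rescue OpenSSL::SSL::SSLError => e
    # A failed certificate check is the possible-MITM case: never downgrade.
    raise if e.message.include?('certificate verify failed')
    # Other handshake errors (e.g. a plain-HTTP port) downgrade only on opt-in,
    # because an on-path attacker can also break the handshake on purpose.
    raise unless @allow_http_fallback
    Result.new('http', @fetch.call("http://#{domain}#{path}"))
  end
end

# Constructed stand-in for the network: HTTPS raises the given error, HTTP answers.
def fake_fetch(tls_error)
  lambda do |url|
    raise OpenSSL::SSL::SSLError, tls_error if url.start_with?('https://')
    '{"subject":"acct:alice@internal.example"}'
  end
end

# Constructed sample messages in the style OpenSSL reports them.
PLAIN_PORT = 'SSL_connect returned=1 errno=0 state=error: wrong version number'
BAD_CERT   = 'SSL_connect returned=1 errno=0 state=error: certificate verify failed'

# Returns the scheme that served the response, or :refused if the policy gave up.
def outcome(tls_error, env)
  allow = WebfingerFetchPolicy.fallback_allowed?(env)
  policy = WebfingerFetchPolicy.new(fetch: fake_fetch(tls_error), allow_http_fallback: allow)
  policy.call('internal.example', 'acct:alice@internal.example').scheme
rescue OpenSSL::SSL::SSLError
  :refused
end
```

With this policy, only an isolated environment that sets `LOCAL_HTTPS=false` ever sends the lookup over plain http, and a certificate failure is surfaced to the caller in every configuration.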