From 57a33654f7f48419e27b57cbe2050a278b4506cd Mon Sep 17 00:00:00 2001
From: Eugene Bujak
Date: Tue, 12 Feb 2019 21:14:23 +0300
Subject: [PATCH] Certificate that doesn't go through the chain is not fatal, just send the warning over json.
---
 config.go | 1 +
 control.go | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/config.go b/config.go
index 21700586..6d2cb05a 100644
--- a/config.go
+++ b/config.go
@@ -74,6 +74,7 @@ type tlsConfig struct {
 StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
 StatusKey string `yaml:"status_key" json:"status_key,omitempty"`
 Warning string `yaml:"warning" json:"warning,omitempty"`
+ WarningValidation string `yaml:"warning_validation" json:"warning_validation,omitempty"`
 }
 // initialize to default values, will be changed later when reading config or parsing command line
diff --git a/control.go b/control.go
index 72996c59..d9c56e5b 100644
--- a/control.go
+++ b/control.go
@@ -1147,8 +1147,8 @@ func validateCertificates(data tlsConfig) (tlsConfig, error) {
 mainCert := parsedCerts[0]
 _, err := mainCert.Verify(opts)
 if err != nil {
- // TODO: let self-signed certs through
- return data, errorx.Decorate(err, "Your certificate does not verify")
+ // let self-signed certs through
+ data.WarningValidation = fmt.Sprintf("Your certificate does not verify: %s", err)
 }
 // spew.Dump(chains)
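Review bot: In config.go the new `WarningValidation` field holds a computed validation result, yet its `yaml:"warning_validation"` tag makes it part of the YAML form of tlsConfig. If this struct is written to the config file (not visible in this hunk), the message would be persisted and could be read back after the certificate has been replaced. If it is meant only for the JSON response, change the yaml tag to `yaml:"-"` and keep the json tag as it is. The struct declaration starts above the hunk.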
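Review bot: In control.go the new branch in validateCertificates turns every `mainCert.Verify(opts)` failure into a warning, not only the self-signed case the comment names; an expired certificate (`x509.CertificateInvalidError`) or, if `opts` carries a DNS name, a host name mismatch (`x509.HostnameError`) is now accepted as well. If only an untrusted chain is meant to be tolerated, keep the old return for the rest by putting `if _, ok := err.(x509.UnknownAuthorityError); !ok { return data, errorx.Decorate(err, "Your certificate does not verify") }` ahead of the assignment. Within the hunk `data.WarningValidation` is never cleared when verification succeeds, so a message already present on the incoming `data` would remain; resetting it with `data.WarningValidation = ""` before the Verify call avoids that. If the broad behaviour is intended, the comment should say so, for example `// verification failure is reported as a warning, not an error`. The function begins and ends outside the hunk.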