From 00443fdfa7bf4d95c2e46fb910d75520dd5b482b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?=
 <66256922+daniel-weisse@users.noreply.github.com>
Date: Wed, 15 Jan 2025 13:45:48 +0100
Subject: [PATCH] cli: fix certificate command errors when `--insecure` flag is
 set (#790)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---
 cli/internal/cmd/certificate.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cli/internal/cmd/certificate.go b/cli/internal/cmd/certificate.go
index 8112a038..136816f0 100644
--- a/cli/internal/cmd/certificate.go
+++ b/cli/internal/cmd/certificate.go
@@ -58,7 +58,9 @@ func runCertificate(saveCert func(writer io.Writer, fh *file.Handler, root, inte
 			return err
 		}
 
-		if !remoteRootCert.Equal(rootCert) {
+		// Skip this check if we're accepting insecure connections
+		// because we don't load the certificate in that case.
+		if !remoteRootCert.Equal(rootCert) && !verifyOpts.InsecureSkipVerify {
 			return errors.New("root certificate of Coordinator changed. Run 'marblerun manifest verify' to verify the instance and update the local cache")
 		}