
Fix TSL=>TLS typo, fixes #156

Denis Arh
2021-03-28 09:25:11 +02:00
parent 398f1d0aca
commit 5d8301f4b5
5 changed files with 15 additions and 8 deletions


@@ -111,7 +111,7 @@ func (app *CortezaApp) Setup() (err error) {
http.SetupDefaults(
app.Opt.HTTPClient.HttpClientTimeout,
app.Opt.HTTPClient.ClientTSLInsecure,
app.Opt.HTTPClient.ClientTLSInsecure,
)
monitor.Setup(app.Log, app.Opt.Monitor)
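Review bot: The argument now reads `app.Opt.HTTPClient.ClientTLSInsecure`, but the `HTTPClientOpt` struct section on this page still declares the field as `ClientTSLInsecure` (only its `env` tag changes), and the new `Defaults()` also assigns `o.ClientTSLInsecure`. Unless the field is renamed somewhere not shown, this call will not compile. The options YAML keeps `name: clientTSLInsecure` too, which suggests the struct is generated from it. Either rename the field consistently (YAML `name`, struct, `Defaults()`) or keep this call on `ClientTSLInsecure` until that is done. `Setup` starts and ends outside the hunk.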


@@ -8,16 +8,16 @@ import (
)
// SetupDefaults Reconfigures defaults for HTTP client & transport
func SetupDefaults(timeout time.Duration, tslInsecure bool) {
if tslInsecure {
func SetupDefaults(timeout time.Duration, tlsInsecure bool) {
if tlsInsecure {
// This will allow HTTPS requests to insecure hosts (expired, wrong host, self signed, untrusted root...)
// With this enabled, features like OIDC auto-discovery should work on any of examples found on badssl.com.
//
// With SYSTEM_HTTP_CLIENT_TSL_INSECURE=0 (default) next command returns 404 error (expected)
// > ./system external-auth auto-discovery foo-tsl-1 https://expired.badssl.com/
// > ./system external-auth auto-discovery foo-tls-1 https://expired.badssl.com/
//
// Without SYSTEM_HTTP_CLIENT_TSL_INSECURE=1 next command returns "x509: certificate has expired or is not yet valid"
// > ./system external-auth auto-discovery foo-tsl-1 https://expired.badssl.com/
// > ./system external-auth auto-discovery foo-tls-1 https://expired.badssl.com/
//
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
http.DefaultTransport.(*http.Transport).DialContext = (&net.Dialer{Timeout: timeout}).DialContext
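Review bot: `InsecureSkipVerify: true` is assigned to `http.DefaultTransport`, so the flag turns off certificate verification for every request in the process that goes through the default transport, not only the OIDC auto-discovery the comment mentions. I would say so in the comment, e.g. `// NOTE: process-wide: disables certificate verification for all clients using http.DefaultTransport; keep off in production`. The comment's two env var references still read `SYSTEM_HTTP_CLIENT_TSL_INSECURE` after the rename, and both describe the flag being off yet give different outcomes (404 and the x509 error), so the 404 case presumably belongs to `=1`. The `.(*http.Transport)` assertion is unchecked and would panic if another package has replaced `http.DefaultTransport`; a `t, ok := http.DefaultTransport.(*http.Transport)` guard avoids that. The function body continues past the end of the hunk.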


@@ -14,7 +14,7 @@ import (
type (
HTTPClientOpt struct {
ClientTSLInsecure bool `env:"HTTP_CLIENT_TSL_INSECURE"`
ClientTSLInsecure bool `env:"HTTP_CLIENT_TLS_INSECURE"`
HttpClientTimeout time.Duration `env:"HTTP_CLIENT_TIMEOUT"`
}
)


@@ -0,0 +1,7 @@
package options
func (o *HTTPClientOpt) Defaults() {
// just in case anyone used env var with the typo (before it was fixed)
o.ClientTSLInsecure = EnvBool("HTTP_CLIENT_TSL_INSECURE", o.ClientTSLInsecure)
}
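Review bot: The legacy `HTTP_CLIENT_TSL_INSECURE` variable keeps working silently, and if `EnvBool` returns the environment value whenever it is set (its definition is not shown), a leftover `HTTP_CLIENT_TSL_INSECURE=1` would override an explicit `HTTP_CLIENT_TLS_INSECURE=0` and leave certificate verification disabled. I would record that on the method, e.g. `// Deprecated env: HTTP_CLIENT_TSL_INSECURE is still honoured and takes precedence over HTTP_CLIENT_TLS_INSECURE when set.`, and log a warning at startup when the legacy name is found so operators can migrate. `Defaults` is exported and has no doc comment; `// Defaults applies the legacy HTTP_CLIENT_TSL_INSECURE fallback to HTTPClientOpt.` would cover it.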


@@ -7,10 +7,10 @@ docs:
props:
- name: clientTSLInsecure
type: bool
env: HTTP_CLIENT_TSL_INSECURE
env: HTTP_CLIENT_TLS_INSECURE
default: false
description: |-
Allow insecure (invalid, expired TSL/SSL certificates) connections.
Allow insecure (invalid, expired TLS/SSL certificates) connections.
[IMPORTANT]
====