public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Make sure websockets respect ssl-upstream-insecure-skip-verify setting. (#494) 

* Make sure websockets respect ssl-upstream-insecure-skip-verify setting.

Signed-off-by: Yaroslav Rosomakho <yaroslavros@gmail.com>

* Updated changelog for websockets taking into account ssl-upstream-insecure-skip-verify

Signed-off-by: Yaroslav Rosomakho <yaroslavros@gmail.com>

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
This commit is contained in:
yaroslavros 2020-04-19 17:41:29 +01:00 committed by GitHub
parent c6294c40a3
commit 4d21b8a04f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -39,6 +39,7 @@
- [#413](https://github.com/oauth2-proxy/oauth2-proxy/pull/413) Add -set-basic-auth param to set the Basic Authorization header for upstreams (@morarucostel).
- [#483](https://github.com/oauth2-proxy/oauth2-proxy/pull/483) Warn users when session cookies are split (@JoelSpeed)
- [#488](https://github.com/oauth2-proxy/oauth2-proxy/pull/488) Set-Basic-Auth should default to false (@JoelSpeed)
- [#494](https://github.com/oauth2-proxy/oauth2-proxy/pull/494) Upstream websockets TLS certificate validation now depends on ssl-upstream-insecure-skip-verify
# v5.1.0

3
oauthproxy.go
View File

@ -191,6 +191,9 @@ func NewWebSocketOrRestReverseProxy(u *url.URL, opts *Options, auth hmacauth.Hma
wsScheme := "ws" + strings.TrimPrefix(u.Scheme, "http")
wsURL := &url.URL{Scheme: wsScheme, Host: u.Host}
wsProxy = wsutil.NewSingleHostReverseProxy(wsURL)
if opts.SSLUpstreamInsecureSkipVerify {
wsProxy.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
}
return &UpstreamProxy{
upstream: u.Host,