Skip to content
Snippets Groups Projects
Unverified Commit 4d21b8a0 authored by yaroslavros's avatar yaroslavros Committed by GitHub
Browse files

Make sure websockets respect ssl-upstream-insecure-skip-verify setting. (#494)


* Make sure websockets respect ssl-upstream-insecure-skip-verify setting.

Signed-off-by: default avatarYaroslav Rosomakho <yaroslavros@gmail.com>

* Updated changelog for websockets taking into account ssl-upstream-insecure-skip-verify

Signed-off-by: default avatarYaroslav Rosomakho <yaroslavros@gmail.com>

Co-authored-by: default avatarHenry Jenkins <henry@henryjenkins.name>
parent c6294c40
Branches
No related tags found
No related merge requests found
...@@ -39,6 +39,7 @@ ...@@ -39,6 +39,7 @@
- [#413](https://github.com/oauth2-proxy/oauth2-proxy/pull/413) Add -set-basic-auth param to set the Basic Authorization header for upstreams (@morarucostel). - [#413](https://github.com/oauth2-proxy/oauth2-proxy/pull/413) Add -set-basic-auth param to set the Basic Authorization header for upstreams (@morarucostel).
- [#483](https://github.com/oauth2-proxy/oauth2-proxy/pull/483) Warn users when session cookies are split (@JoelSpeed) - [#483](https://github.com/oauth2-proxy/oauth2-proxy/pull/483) Warn users when session cookies are split (@JoelSpeed)
- [#488](https://github.com/oauth2-proxy/oauth2-proxy/pull/488) Set-Basic-Auth should default to false (@JoelSpeed) - [#488](https://github.com/oauth2-proxy/oauth2-proxy/pull/488) Set-Basic-Auth should default to false (@JoelSpeed)
- [#494](https://github.com/oauth2-proxy/oauth2-proxy/pull/494) Upstream websockets TLS certificate validation now depends on ssl-upstream-insecure-skip-verify
# v5.1.0 # v5.1.0
......
...@@ -191,6 +191,9 @@ func NewWebSocketOrRestReverseProxy(u *url.URL, opts *Options, auth hmacauth.Hma ...@@ -191,6 +191,9 @@ func NewWebSocketOrRestReverseProxy(u *url.URL, opts *Options, auth hmacauth.Hma
wsScheme := "ws" + strings.TrimPrefix(u.Scheme, "http") wsScheme := "ws" + strings.TrimPrefix(u.Scheme, "http")
wsURL := &url.URL{Scheme: wsScheme, Host: u.Host} wsURL := &url.URL{Scheme: wsScheme, Host: u.Host}
wsProxy = wsutil.NewSingleHostReverseProxy(wsURL) wsProxy = wsutil.NewSingleHostReverseProxy(wsURL)
if opts.SSLUpstreamInsecureSkipVerify {
wsProxy.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
} }
return &UpstreamProxy{ return &UpstreamProxy{
upstream: u.Host, upstream: u.Host,
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment