go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-08 22:46:33 +02:00
Code Issues Releases Activity

Merge pull request #2803 from tuunit/bugfix/self-signed-certificate-handling

Browse Source 
fix: self signed certificate handling in v7.7.0
This commit is contained in:
Joel Speed
2024-10-07 11:54:22 +01:00
committed by GitHub
parent cda641473f 4bd920b208
commit d68336dcf4
3 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -8,6 +8,8 @@
## Changes since v7.7.0 ## Changes since v7.7.0
- [#2803](https://github.com/oauth2-proxy/oauth2-proxy/pull/2803) fix: self signed certificate handling in v7.7.0 (@tuunit)
# V7.7.0 # V7.7.0
## Release Highlights ## Release Highlights

4
pkg/requests/http.go
View File

@@ -18,10 +18,12 @@ func (t *userAgentTransport) RoundTrip(req *http.Request) (*http.Response, error
} }
var DefaultHTTPClient = &http.Client{Transport: &userAgentTransport{ var DefaultHTTPClient = &http.Client{Transport: &userAgentTransport{
next: http.DefaultTransport, next: DefaultTransport,
userAgent: "oauth2-proxy/" + version.VERSION, userAgent: "oauth2-proxy/" + version.VERSION,
}} }}
var DefaultTransport = http.DefaultTransport
func setDefaultUserAgent(header http.Header, userAgent string) { func setDefaultUserAgent(header http.Header, userAgent string) {
if header != nil && len(header.Values("User-Agent")) == 0 { if header != nil && len(header.Values("User-Agent")) == 0 {
header.Set("User-Agent", userAgent) header.Set("User-Agent", userAgent)

11
pkg/validation/options.go
View File

@@ -13,6 +13,7 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/ip" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/ip"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
internaloidc "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/providers/oidc" internaloidc "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/providers/oidc"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/util"
) )
@@ -30,20 +31,16 @@ func Validate(o *options.Options) error {
msgs = parseSignatureKey(o, msgs) msgs = parseSignatureKey(o, msgs)
if o.SSLInsecureSkipVerify { if o.SSLInsecureSkipVerify {
insecureTransport := &http.Transport{ transport := requests.DefaultTransport.(*http.Transport)
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // #nosec G402 -- InsecureSkipVerify is a configurable option we allow transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // #nosec G402 -- InsecureSkipVerify is a configurable option we allow
}
http.DefaultClient = &http.Client{Transport: insecureTransport}
} else if len(o.Providers[0].CAFiles) > 0 { } else if len(o.Providers[0].CAFiles) > 0 {
pool, err := util.GetCertPool(o.Providers[0].CAFiles, o.Providers[0].UseSystemTrustStore) pool, err := util.GetCertPool(o.Providers[0].CAFiles, o.Providers[0].UseSystemTrustStore)
if err == nil { if err == nil {
transport := http.DefaultTransport.(*http.Transport).Clone() transport := requests.DefaultTransport.(*http.Transport)
transport.TLSClientConfig = &tls.Config{ transport.TLSClientConfig = &tls.Config{
RootCAs: pool, RootCAs: pool,
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
} }
http.DefaultClient = &http.Client{Transport: transport}
} else { } else {
msgs = append(msgs, fmt.Sprintf("unable to load provider CA file(s): %v", err)) msgs = append(msgs, fmt.Sprintf("unable to load provider CA file(s): %v", err))
} }