Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there anyway to ignore SSL validation? #1237

Closed
v2codes opened this issue May 22, 2020 · 2 comments · Fixed by #1377
Closed

Is there anyway to ignore SSL validation? #1237

v2codes opened this issue May 22, 2020 · 2 comments · Fixed by #1377
Assignees
@raman-m
Labels
bug Identified as a potential bug merged Issue has been merged to dev and is waiting for the next release

Comments

@v2codes
Copy link

v2codes commented May 22, 2020

In my case:
At the development environment, I use the dynamic routing with Consul,and all Services start up with HTTPS。
I got SSL connection error, like this:
image

Steps to Reproduce the Problem

ocelot.json config :
image

Specifications

  • Version: 15.0.6
@v2codes
Copy link
Author

v2codes commented May 22, 2020

I tried resolve like this, and it worked.
By the way, In multiple configuration file case , just need to configure "DangerousAcceptAnyServerCertificateValidator" to "true" for this problem. But it doesn't work for dynamic routing.
So I‘m not sure it's the best way to resolve it.
I'm looking forward to your help, tks very much.

Here is my way.

Startup file

services.AddOcelot(Configuration).AddConsul().AddPolly().AddDelegatingHandler<IgnoreSSLValidateDelegatingHandler>(true);

IgnoreSSLValidateDelegatingHandler
`

public class IgnoreSSLValidateDelegatingHandler : DelegatingHandler
{
    private readonly X509CertificateCollection _certificates = new X509CertificateCollection();
    public IgnoreSSLValidateDelegatingHandler()
    {
    }
    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
    {
        var inner = InnerHandler;
        while (inner is DelegatingHandler)
        {
            inner = ((DelegatingHandler)inner).InnerHandler;
        }
        // inner is HttpClientHandler
        if (inner is HttpClientHandler httpClientHandler)
        {
            if (httpClientHandler.ServerCertificateCustomValidationCallback == null)
            {
                httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) =>
                {
                    return true;
                };
            }
        }
        return await base.SendAsync(request, cancellationToken);
    }
}

`

@raman-m
Copy link
Member

raman-m commented Sep 25, 2023
edited

@v2codes It is very strange that DangerousAcceptAnyServerCertificateValidator property did not help you.
Do you think the PR #1377 will solve the problem? I think so.

Did you debug the code to figure out why dynamic routing switched off the DangerousAcceptAnyServerCertificateValidator property?

@raman-m raman-m self-assigned this Sep 25, 2023
@raman-m raman-m added the bug Identified as a potential bug label Sep 25, 2023
@raman-m raman-m linked a pull request Sep 25, 2023 that will close this issue
#1375 #1237 #925 #920 Fix DownstreamRoute DangerousAcceptAnyServerCertificateValidator #1377
Merged
@raman-m raman-m mentioned this issue Sep 25, 2023
Merged
raman-m added a commit that referenced this issue Sep 28, 2023
@zqlovejyc @raman-m
#1375 #1237 #925 #920 Fix DownstreamRoute DangerousAcceptAnyServerCer…
fa179bf 
…tificateValidator (#1377)

* Fix/1375 fix DownstreamRoute DangerousAcceptAnyServerCertificateValidator does not work

* Fix the exception when RoundRobin services is empty

* Fix build errors

* IDE0063 'using' statement can be simplified

* IDE0051 Private member 'StreamCopyBufferSize' is unused

* Use nameof() in string interpolations

* @RaynaldM code review

* Code review. Refactor method

* Organize folders for WebSockets feature

* Add unit tests class for WebSockets feature

* Refactor middleware to make it suitable for unit testing

* Add unit test

* Review current acceptance tests for WebSockets

* Review

---------

Co-authored-by: raman-m <dotnet044@gmail.com>
@raman-m raman-m added the merged Issue has been merged to dev and is waiting for the next release label Sep 28, 2023
@raman-m raman-m mentioned this issue Oct 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@raman-m raman-m

Labels
bug Identified as a potential bug merged Issue has been merged to dev and is waiting for the next release
Projects
None yet
Milestone
No milestone
2 participants
@raman-m @v2codes