[Self-Signed] Ability to ignore cert checks for upstream servers #536
Comments
@sam-kleiner Thanks for bringing this to my notice. Indeed currently hostname check is hardcoded here proxy.py/proxy/core/connection/server.py Line 42 in 06a84ae
In future release I will look to expose these via existing (or new) proxy plugin callbacks. I think we must also add
but need to experiment before confirmation. Can you try and hardcode Please let me know, will look into how to expose them via plugins.
@sam-kleiner Another quick option which came to me while updating title of this issue:
Of course, if we opt for such a solution, this is a hardcoded use case hidden behind a flag rather than a dynamic configuration ability. Wdyt?
This is an even better option :). Looking to address this for upcoming
Hi, do we have a boolean command line flag which indicates whether to bypass cert check for self-signed upstreams now? Thanks for your reply. @abhinavsingh
Hi Lyz, Unfortunately no. I never got to supporting this officially. Having said that, I will try to spend some time this coming weekend and see what we can do to get this out quickly. Thanks for bringing this back to my attention. Best
@abhinavsingh Thank you very much for your timely reply. This project is very meaningful and helpful to my project, so if you update the code of cert check for self-signed upstreams, please remind me. Thank you!
Any update on this?
@thiagobenine @lyz04551 Thank you for bringing this back. It got off the radar somehow. Lemme jump onto this over the coming weekend. Hopefully we'll have something out soon. Best
@thiagobenine We have a use case to do this on condition. Any plans to work on this?
Is your feature request related to a problem? Please describe.
I am unable to use proxy.py when the upstream is using a self-signed cert when using mitm mode. I have no issues using this with properly signed certs.
Describe the solution you'd like
An option to ignore upstream certificates when using mitm mode.
--ignore-upstream-ssl
Describe alternatives you've considered
An option to specify certs to verify against when calling the upstream on a per-domain basis
--upstream-verify localhost=/path/to/cert --upstream-verify nginx.local=/path/to/cert2
Additional context
The following error occurs when trying to mitm an upstream with an unsigned cert.
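Added example, not part of the issue and not proxy.py's own code: a Python sketch of what the two requests above mean at the `ssl.SSLContext` level, contrasting the blanket bypass (`--ignore-upstream-ssl`) with the per-domain alternative (`--upstream-verify host=/path/to/cert`). The function names, and the choice that a pinned host stays verified even when the bypass is on, are assumptions made for illustration; the flag names are the proposals from this issue.

```python
import ssl
from typing import Dict, Iterable


def parse_upstream_verify(values: Iterable[str]) -> Dict[str, str]:
    """Parse repeated 'host=/path/to/cert' values into {host: cafile}."""
    mapping: Dict[str, str] = {}
    for value in values:
        host, sep, cafile = value.partition("=")
        host = host.strip().lower().rstrip(".")
        if not sep or not host or not cafile:
            raise ValueError(f"expected host=/path/to/cert, got {value!r}")
        if host in mapping:
            raise ValueError(f"duplicate entry for {host!r}")
        mapping[host] = cafile
    return mapping


def upstream_context(host: str, pins: Dict[str, str],
                     ignore_upstream_ssl: bool = False) -> ssl.SSLContext:
    """Return the client-side TLS context for one upstream host (hypothetical helper)."""
    key = host.lower().rstrip(".")
    if key in pins:
        # Pinned host: trust only the listed certificate, no system CAs.
        # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED + check_hostname,
        # so the self-signed cert must still carry a matching SAN.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=pins[key])  # raises if unreadable
        return ctx
    ctx = ssl.create_default_context()
    if ignore_upstream_ssl:
        # Blanket bypass: any certificate from any peer is accepted.
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx: ssl.SSLContext) -> str:
    return f"verify={ctx.verify_mode.name} check_hostname={ctx.check_hostname}"


if __name__ == "__main__":
    pins = parse_upstream_verify(["localhost=/path/to/cert"])  # constructed value
    print("example.org      ", describe(upstream_context("example.org", pins)))
    print("example.org (ign)", describe(upstream_context("example.org", pins, True)))
    try:
        upstream_context("localhost", pins)
    except OSError as exc:  # placeholder path does not exist: fail closed
        print("localhost         refused:", exc.__class__.__name__)
```

With the bypass, the proxy stops authenticating every upstream it connects to; with a pin, only the named host's trust anchor changes and verification stays on for it.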