Skip to content
This repository has been archived by the owner on Jan 24, 2019. It is now read-only.

Can't skip validation of self signed certificate #403

Open
ediaz030 opened this issue Jun 12, 2017 · 4 comments · May be fixed by #651
Open

Can't skip validation of self signed certificate #403

ediaz030 opened this issue Jun 12, 2017 · 4 comments · May be fixed by #651
Labels
bug

Comments

@ediaz030
Copy link

In my development environment my upstream server has a self signed certificate. I have tried using the --ssl-insecure-skip-verify=true option, but I still receive the following error:

2017/06/12 16:46:22 reverseproxy.go:316: http: proxy error: x509: certificate signed by unknown authority
@Stovoy
Copy link

Stovoy commented Jun 17, 2017

I am seeing the same issue.

@kongslund
Copy link

@ediaz030, which provider are you using? I encountered this with the OIDC provider (#389) due to a bug in Validate in options.go.

@funkypenguin
Copy link

funkypenguin commented Aug 27, 2017
edited
Loading

Same issue here using GitHub as a provider

@ploxiln
Copy link
Contributor

ploxiln commented Aug 27, 2017

#362 added this option by setting a custom http.DefaultClient, but it looks like what needs to be changed is http.DefaultTransport because that's what httputil.ReverseProxy uses if a custom Transport is not set for it.

(DefaultClient defaults to DefaultTransport, but it looks like ReverseProxy does not use DefaultClient)

There appear to be no pull requests that attempt to fix this yet, yours could be the first. (No promises on review or merging though, this repo is somewhat under-maintained.)

@jehiah jehiah added the bug label Aug 29, 2017
@ploxiln ploxiln mentioned this issue Dec 20, 2017
Open
@hrenod hrenod mentioned this issue Jun 19, 2018
Open
vaLski added a commit to vaLski/oauth2_proxy that referenced this issue Sep 14, 2018
@vaLski
options.go - Make sure to set the default transport to insecure, if t…
3899576 
…he operator requested so via --ssl-insecure-skip-verify=true or ssl_insecure_skip_verify = true.

This commit should fix bitly#403
@vaLski vaLski linked a pull request Sep 14, 2018 that will close this issue
Open
ploxiln pushed a commit to ploxiln/oauth2_proxy that referenced this issue Nov 22, 2018
@vaLski @ploxiln
make ssl-insecure-skip-verify apply to DefaultTransport
7f05fe9 
not just DefaultClient

fixes bitly#403
@lentzi90 lentzi90 mentioned this issue Feb 25, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Milestone
No milestone
6 participants
@jehiah @ploxiln @funkypenguin @kongslund @Stovoy @ediaz030