kubernetes-client · brendandburns · Mar 24, 2018 · Mar 22, 2018 · tintoy · Mar 22, 2018
diff --git a/examples/exec/Exec.cs b/examples/exec/Exec.cs
@@ -0,0 +1,34 @@
+using System;
+using System.Threading.Tasks;
+using k8s;
+using k8s.Models;
+
+namespace exec
+{
+    internal class Exec
+    {
+        private static async Task Main(string[] args)
+        {
+            var config = KubernetesClientConfiguration.BuildConfigFromConfigFile();
+            IKubernetes client = new Kubernetes(config);
+            Console.WriteLine("Starting Request!");
+
+            var list = client.ListNamespacedPod("default");
+            var pod = list.Items[0];
+            await ExecInPod(client, pod);
+        }
+
+        private async static Task ExecInPod(IKubernetes client, V1Pod pod) {
+            var webSocket = await client.WebSocketNamespacedPodExecAsync(pod.Metadata.Name, "default", "ls", pod.Spec.Containers[0].Name);
+
+            var demux = new StreamDemuxer(webSocket);
+            demux.Start();
+
+            var buff = new byte[4096];
+            var stream = demux.GetStream(1, 1);
+            var read = stream.Read(buff, 0, 4096);
+            var str = System.Text.Encoding.Default.GetString(buff);
+            Console.WriteLine(str);
+        }
+    }
+}
diff --git a/examples/exec/exec.csproj b/examples/exec/exec.csproj
@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\KubernetesClient.csproj" />
+  </ItemGroup>
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+    <LangVersion>7.1</LangVersion>
+  </PropertyGroup>
+
+</Project>
diff --git a/src/Kubernetes.ConfigInit.cs b/src/Kubernetes.ConfigInit.cs
@@ -38,6 +38,7 @@ public Kubernetes(KubernetesClientConfiguration config, params DelegatingHandler
             }
 
             CaCert = config.SslCaCert;
+            SkipTlsVerify = config.SkipTlsVerify;
 
             if (BaseUri.Scheme == "https")
             {
@@ -59,10 +60,15 @@ public Kubernetes(KubernetesClientConfiguration config, params DelegatingHandler
                     }
 
 #if NET452
-                    ((WebRequestHandler) HttpClientHandler).ServerCertificateValidationCallback =
-                        CertificateValidationCallBack;
+                    ((WebRequestHandler) HttpClientHandler).ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
+                    {
+                        return Kubernetes.CertificateValidationCallBack(sender, CaCert, certificate, chain, sslPolicyErrors);
+                    };
 #else
-                    HttpClientHandler.ServerCertificateCustomValidationCallback = CertificateValidationCallBack;
+                    HttpClientHandler.ServerCertificateCustomValidationCallback = (sender, certificate, chain, sslPolicyErrors) => 
+                    {
+                        return Kubernetes.CertificateValidationCallBack(sender, CaCert, certificate, chain, sslPolicyErrors);
+                    };
 #endif
                 }
             }
@@ -73,6 +79,8 @@ public Kubernetes(KubernetesClientConfiguration config, params DelegatingHandler
 
         private X509Certificate2 CaCert { get; }
 
+        private bool SkipTlsVerify { get; }
+
         partial void CustomInitialize()
         {
 #if NET452
@@ -151,8 +159,9 @@ private void SetCredentials(KubernetesClientConfiguration config, HttpClientHand
         /// <param name="sslPolicyErrors">ssl policy errors</param>
         /// <returns>true if valid cert</returns>
         [SuppressMessage("Microsoft.Usage", "CA1801:ReviewUnusedParameters", Justification = "Unused by design")]
-        private bool CertificateValidationCallBack(
+        public static bool CertificateValidationCallBack(
             object sender,
+            X509Certificate2 caCert,
             X509Certificate certificate,
             X509Chain chain,
             SslPolicyErrors sslPolicyErrors)
@@ -169,7 +178,7 @@ private bool CertificateValidationCallBack(
                 chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
 
                 // add all your extra certificate chain
-                chain.ChainPolicy.ExtraStore.Add(CaCert);
+                chain.ChainPolicy.ExtraStore.Add(caCert);
                 chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
                 var isValid = chain.Build((X509Certificate2) certificate);
                 return isValid;

diff --git a/src/Kubernetes.WebSocket.cs b/src/Kubernetes.WebSocket.cs
@@ -226,18 +226,20 @@ public partial class Kubernetes
 
 #if NETCOREAPP2_1
             if (this.CaCert != null)
+            {
                 webSocketBuilder.ExpectServerCertificate(this.CaCert);
-            else
+            }
+            if (this.SkipTlsVerify)
+            {
                 webSocketBuilder.SkipServerCertificateValidation();
-
+            }
             webSocketBuilder.Options.RequestedSubProtocols.Add(K8sProtocol.ChannelV1);
 #endif // NETCOREAPP2_1
 
             // Send Request
             cancellationToken.ThrowIfCancellationRequested();
 
             WebSocket webSocket = null;
-
             try
             {
                 webSocket = await webSocketBuilder.BuildAndConnectAsync(uri, CancellationToken.None).ConfigureAwait(false);
@@ -258,7 +260,6 @@ public partial class Kubernetes
                     ServiceClientTracing.Exit(invocationId, null);
                 }
             }
-
             return webSocket;
         }
     }

diff --git a/src/WebSocketBuilder.NetCoreApp2.1.cs b/src/WebSocketBuilder.NetCoreApp2.1.cs
@@ -39,34 +39,10 @@ public WebSocketBuilder AddClientCertificate(X509Certificate2 certificate)
 
         public WebSocketBuilder ExpectServerCertificate(X509Certificate2 serverCertificate)
         {
-            Options.ServerCertificateCustomValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
+            Options.ServerCertificateCustomValidationCallback = (sender, certificate, chain, sslPolicyErrors) => 
             {
-                if (sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors)
-                {
-                    return false;
-                }
-
-                try
-                {
-                    using (X509Chain certificateChain = new X509Chain())
-                    {
-                        certificateChain.ChainPolicy.ExtraStore.Add(serverCertificate);
-                        certificateChain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
-                        certificateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-
-                        return certificateChain.Build(
-                            (X509Certificate2)certificate
-                        );
-                    }
-                }
-                catch (Exception chainException)
-                {
-                    Debug.WriteLine(chainException);
-
-                    return false;
-                }
+                return Kubernetes.CertificateValidationCallBack(sender, serverCertificate, certificate, chain, sslPolicyErrors);
             };
-
             return this;
         }