Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How should we skip ssl verification for self-certification? #1019

Closed
yabuchan opened this issue Aug 25, 2018 · 3 comments
Closed

How should we skip ssl verification for self-certification? #1019

yabuchan opened this issue Aug 25, 2018 · 3 comments
Labels
community working as intended

Comments

@yabuchan
Copy link

Kind: question
Server: minio
Certificate: self-certificate

Description:
I am trying to access minio server with minio-go, but it fails due to unknown authority.

Get https://object-store:9000/test-bucket/?location=: x509: certificate signed by unknown authority

Is there any way to set something like --skip-ssl-verification like minio client, which has --insecure option for skip ssl verification.
@harshavardhana
Copy link
Member

harshavardhana commented Aug 25, 2018
edited

yes - like this

                        // Keep TLS config.
                        tlsConfig := &tls.Config{}
                        if config.Insecure {
                                tlsConfig.InsecureSkipVerify = true
                        }

                        var transport http.RoundTripper = &http.Transport{
                                Proxy: http.ProxyFromEnvironment,
                                DialContext: (&net.Dialer{
                                        Timeout:   30 * time.Second,
                                        KeepAlive: 30 * time.Second,
                                }).DialContext,
                                MaxIdleConns:          100,
                                IdleConnTimeout:       90 * time.Second,
                                TLSHandshakeTimeout:   10 * time.Second,
                                ExpectContinueTimeout: 1 * time.Second,
                                TLSClientConfig:       tlsConfig,
                                // Set this value so that the underlying transport round-tripper
                                // doesn't try to auto decode the body of objects with
                                // content-encoding set to `gzip`.
                                //
                                // Refer:
                                //    https://golang.org/src/net/http/transport.go?h=roundTrip#L1843
                                DisableCompression: true,
                        }

                        // Set custom transport.
                        api.SetCustomTransport(transport)

@yabuchan
Copy link
Author

@harshavardhana Thank you for quick response. It worked!

@suhlig
Copy link

suhlig commented Dec 21, 2018

I came here for the solution (thanks, @harshavardhana), and also found an even shorter way to just skip certificate validation:

api.SetCustomTransport(&http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}})

kkellerlbl added a commit to kkellerlbl/blobstore that referenced this issue Dec 8, 2020
@kkellerlbl
Use old style minio.NewWithRegion call
90038ac 
NewWithRegion doesn't seem to like the (url, &minio.Options) call.  Try using the older (documented) style with this for setting a custom transport: minio/minio-go#1019
@tkrop tkrop mentioned this issue Jan 11, 2021
Closed
@kvrhdn kvrhdn mentioned this issue Jun 2, 2022
Closed
@EStork09 EStork09 mentioned this issue Feb 24, 2023
Closed
@cmoulliard cmoulliard mentioned this issue Mar 2, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community working as intended
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@suhlig @harshavardhana @yabuchan