Skip to content

Make sure websockets respect ssl-upstream-insecure-skip-verify setting. #494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 19, 2020
Merged

Make sure websockets respect ssl-upstream-insecure-skip-verify setting. #494

merged 3 commits into from
Apr 19, 2020

Conversation

yaroslavros
Copy link
Contributor

@yaroslavros yaroslavros commented Apr 17, 2020
edited
Loading

Description

This change makes websockets follow the same certificate validation behaviour as HTTPS.

Motivation and Context

Without this change, websockets have to work over HTTP or always require valid TLS certificate even when ssl-upstream-insecure-skip-verify setting is set.
With this change, websockets TLS verification matches HTTPS.

How Has This Been Tested?

Made a build, verified that websockets now follow same certificate validation rules as HTTPS.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

Signed-off-by: Yaroslav Rosomakho yaroslavros@gmail.com

Fixes #493

@yaroslavros
Make sure websockets respect ssl-upstream-insecure-skip-verify setting.
4cfbe51 
Signed-off-by: Yaroslav Rosomakho <yaroslavros@gmail.com>
JoelSpeed
JoelSpeed reviewed Apr 18, 2020
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code change seems sensible, please update the changelog and then we can merge 🙂

@JoelSpeed JoelSpeed added the bug label Apr 18, 2020
@yaroslavros
Updated changelog for websockets taking into account ssl-upstream-ins…
7f7e054 
…ecure-skip-verify

Signed-off-by: Yaroslav Rosomakho <yaroslavros@gmail.com>
@yaroslavros
Copy link
Contributor Author

yaroslavros commented Apr 18, 2020
edited
Loading

Updated changelog as requested

JoelSpeed
JoelSpeed approved these changes Apr 18, 2020
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks

@steakunderscore steakunderscore merged commit 4d21b8a into oauth2-proxy:master Apr 19, 2020
@ploxiln ploxiln mentioned this pull request Apr 23, 2020
Merged
Jing-ze pushed a commit to Jing-ze/oauth2-proxy that referenced this pull request Nov 19, 2024
@2456868764
add consul cluster (oauth2-proxy#494)
1051201
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed approved these changes

@loshz loshz Awaiting requested review from loshz

+1 more reviewer

@steakunderscore steakunderscore steakunderscore approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Websockets always require valid upstream cert
3 participants
@yaroslavros @steakunderscore @JoelSpeed