Optionally disable certificate validation for proxy connections.
This commit is contained in:
Joachim Bauch
parent
4427953a69
commit
559f1e28ae
|
|
@ -127,6 +127,11 @@ connectionsperhost = 8
|
|||
# - etcd: Proxy URLs are retrieved from an etcd cluster (see below).
|
||||
#urltype = static
|
||||
|
||||
# If set to "true", certificate validation of proxy servers will be skipped.
|
||||
# This should only be enabled during development, e.g. to work with self-signed
|
||||
# certificates.
|
||||
#skipverify = false
|
||||
|
||||
# For type "proxy": the id of the token to use when connecting to proxy servers.
|
||||
#token_id = server1
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ package signaling
|
|||
import (
|
||||
"context"
|
||||
"crypto/rsa"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
|
|
@ -68,13 +69,6 @@ const (
|
|||
defaultProxyTimeoutSeconds = 2
|
||||
)
|
||||
|
||||
var (
|
||||
websocketDialer = &websocket.Dialer{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
HandshakeTimeout: 45 * time.Second,
|
||||
}
|
||||
)
|
||||
|
||||
type mcuProxyPubSubCommon struct {
|
||||
streamType string
|
||||
proxyId string
|
||||
|
|
@ -568,7 +562,7 @@ func (c *mcuProxyConnection) reconnect() {
|
|||
u.Scheme = "wss"
|
||||
}
|
||||
|
||||
conn, _, err := websocketDialer.Dial(u.String(), nil)
|
||||
conn, _, err := c.proxy.dialer.Dial(u.String(), nil)
|
||||
if err != nil {
|
||||
log.Printf("Could not connect to %s: %s", u, err)
|
||||
c.scheduleReconnect()
|
||||
|
|
@ -974,6 +968,7 @@ type mcuProxy struct {
|
|||
keyInfos map[string]*ProxyInformationEtcd
|
||||
urlToKey map[string]string
|
||||
|
||||
dialer *websocket.Dialer
|
||||
connections []*mcuProxyConnection
|
||||
connectionsMap map[string]*mcuProxyConnection
|
||||
connectionsMu sync.RWMutex
|
||||
|
|
@ -1019,6 +1014,10 @@ func NewMcuProxy(config *goconf.ConfigFile) (Mcu, error) {
|
|||
tokenId: tokenId,
|
||||
tokenKey: tokenKey,
|
||||
|
||||
dialer: &websocket.Dialer{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
HandshakeTimeout: proxyTimeout,
|
||||
},
|
||||
connectionsMap: make(map[string]*mcuProxyConnection),
|
||||
proxyTimeout: proxyTimeout,
|
||||
|
||||
|
|
@ -1027,6 +1026,14 @@ func NewMcuProxy(config *goconf.ConfigFile) (Mcu, error) {
|
|||
publisherWaiters: make(map[uint64]chan bool),
|
||||
}
|
||||
|
||||
skipverify, _ := config.GetBool("mcu", "skipverify")
|
||||
if skipverify {
|
||||
log.Println("WARNING: MCU verification is disabled!")
|
||||
mcu.dialer.TLSClientConfig = &tls.Config{
|
||||
InsecureSkipVerify: skipverify,
|
||||
}
|
||||
}
|
||||
|
||||
if urlType == "" {
|
||||
urlType = proxyUrlTypeStatic
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue