Merge pull request #362 from jehiah/ssl_insecure_skip_verify_362

Option to skip SSL verification
Jehiah Czebotar 2017-03-29 11:02:26 -04:00 committed by GitHub
commit 93852a24cb
4 changed files with 23 additions and 9 deletions


@ -200,6 +200,7 @@ Usage of oauth2_proxy:
-signature-key="": GAP-Signature request signature key (algorithm:secretkey) -signature-key="": GAP-Signature request signature key (algorithm:secretkey)
-skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times) -skip-auth-regex=: bypass authentication for requests path's that match (may be given multiple times)
-skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start -skip-provider-button=false: will skip sign-in-page to directly reach the next step: oauth/start
-ssl-insecure-skip-verify: skip validation of certificates presented when using HTTPS
-tls-cert="": path to certificate file -tls-cert="": path to certificate file
-tls-key="": path to private key file -tls-key="": path to private key file
-upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path -upstream=: the http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path


@ -54,6 +54,10 @@
## optional directory with custom sign_in.html and error.html ## optional directory with custom sign_in.html and error.html
# custom_templates_dir = "" # custom_templates_dir = ""
## skip SSL checking for HTTPS requests
# ssl_insecure_skip_verify = false
## Cookie Settings ## Cookie Settings
## Name - the cookie name ## Name - the cookie name
## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes ## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes


@ -38,6 +38,7 @@ func main() {
flagSet.Bool("pass-host-header", true, "pass the request Host Header to upstream") flagSet.Bool("pass-host-header", true, "pass the request Host Header to upstream")
flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)") flagSet.Var(&skipAuthRegex, "skip-auth-regex", "bypass authentication for requests path's that match (may be given multiple times)")
flagSet.Bool("skip-provider-button", false, "will skip sign-in-page to directly reach the next step: oauth/start") flagSet.Bool("skip-provider-button", false, "will skip sign-in-page to directly reach the next step: oauth/start")
flagSet.Bool("ssl-insecure-skip-verify", false, "skip validation of certificates presented when using HTTPS")
flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email") flagSet.Var(&emailDomains, "email-domain", "authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email")
flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.") flagSet.String("azure-tenant", "common", "go to a tenant-specific or common (tenant-independent) endpoint.")
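Review bot: The help text on the new `ssl-insecure-skip-verify` flag (the added `flagSet.Bool` line) does not tell the operator that the setting is global and insecure; judging by the options.go hunk in this commit, enabling it replaces `http.DefaultClient` with a client whose transport sets `InsecureSkipVerify: true`, so every request issued through the default client stops checking the server certificate, which is worth stating where the operator reads it. Suggest `flagSet.Bool("ssl-insecure-skip-verify", false, "skip validation of certificates presented when using HTTPS (insecure; disables TLS verification for all requests made through the default HTTP client)")`. The same wording would belong in the README usage line and the config example that this commit also adds. The enclosing `main` body continues outside the hunk.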


@ -2,6 +2,7 @@ package main
import ( import (
"crypto" "crypto"
"crypto/tls"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"net/http" "net/http"
@ -55,6 +56,7 @@ type Options struct {
PassHostHeader bool `flag:"pass-host-header" cfg:"pass_host_header"` PassHostHeader bool `flag:"pass-host-header" cfg:"pass_host_header"`
SkipProviderButton bool `flag:"skip-provider-button" cfg:"skip_provider_button"` SkipProviderButton bool `flag:"skip-provider-button" cfg:"skip_provider_button"`
PassUserHeaders bool `flag:"pass-user-headers" cfg:"pass_user_headers"` PassUserHeaders bool `flag:"pass-user-headers" cfg:"pass_user_headers"`
SSLInsecureSkipVerify bool `flag:"ssl-insecure-skip-verify" cfg:"ssl_insecure_skip_verify"`
// These options allow for other providers besides Google, with // These options allow for other providers besides Google, with
// potential overrides. // potential overrides.
@ -99,7 +101,6 @@ func NewOptions() *Options {
PassUserHeaders: true, PassUserHeaders: true,
PassAccessToken: false, PassAccessToken: false,
PassHostHeader: true, PassHostHeader: true,
SkipProviderButton: false,
ApprovalPrompt: "force", ApprovalPrompt: "force",
RequestLogging: true, RequestLogging: true,
} }
@ -205,6 +206,13 @@ func (o *Options) Validate() error {
msgs = parseSignatureKey(o, msgs) msgs = parseSignatureKey(o, msgs)
msgs = validateCookieName(o, msgs) msgs = validateCookieName(o, msgs)
if o.SSLInsecureSkipVerify {
insecureTransport := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
http.DefaultClient = &http.Client{Transport: insecureTransport}
}
if len(msgs) != 0 { if len(msgs) != 0 {
return fmt.Errorf("Invalid configuration:\n %s", return fmt.Errorf("Invalid configuration:\n %s",
strings.Join(msgs, "\n ")) strings.Join(msgs, "\n "))