Commit f0382112 authored by ale's avatar ale

Add option to sso-proxy to set SSL server_name explicitly

parent ff7a1048
......@@ -20,6 +20,7 @@ import (
type Backend struct {
Host string `yaml:"host"`
Upstream []string `yaml:"upstream"`
ServerName string `yaml:"tls_server_name"`
ClientTLSConfig *clientutil.TLSClientConfig `yaml:"client_tls"`
AllowedGroups []string `yaml:"allowed_groups"`
......@@ -45,6 +46,13 @@ func (b *Backend) newHandler(ssow *httpsso.SSOWrapper) (http.Handler, error) {
if err != nil {
return nil, err
}
// By setting the ServerName on the tls.Config, we
// hope to decouple TLS certificate verification from
// the details of the HTTP Host header included in the
// request, so that the transport layer will work
// regardless of the HTTP request details.
tlsConfig.ServerName = b.ServerName
}
proxy.Transport = clientutil.NewTransport(b.Upstream, tlsConfig, nil)
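Review bot: The `tlsConfig.ServerName = b.ServerName` assignment sits inside a conditional block whose opening line is outside the hunk, so `tls_server_name` may be silently ignored. If that block runs only when `client_tls` is configured, a backend that sets the name without `client_tls` gets no override and no error. Rejecting that combination when the handler is built, e.g. `if b.ServerName != "" && b.ClientTLSConfig == nil { return nil, errors.New("tls_server_name requires client_tls") }`, would surface the misconfiguration. The same name is applied to the single transport built from all of `b.Upstream`, so every upstream must present a certificate valid for it. The new struct field has no doc comment; `// ServerName, if set, is the name the upstream certificate is verified against, for every entry in Upstream.` would record that, and the empty-value behaviour is worth confirming and documenting too.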
......
package proxy
import (
"crypto/rand"
"crypto/tls"
"io"
"io/ioutil"
......@@ -32,7 +31,7 @@ func TestProxy(t *testing.T) {
}
defer os.RemoveAll(tmpdir)
pub, priv, err := ed25519.GenerateKey(rand.Reader)
pub, priv, err := ed25519.GenerateKey(nil)
if err != nil {
t.Fatal(err)
}
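Review bot: The `nil` argument in `ed25519.GenerateKey(nil)` is easy to misread as "no entropy source" when skimming key-generation code. The ed25519 package documents that a nil reader selects `crypto/rand.Reader`, so behaviour is unchanged, and a short comment such as `// nil selects crypto/rand.Reader` above the call would save the next reader the lookup. The page does not mark which of the two `GenerateKey` lines is the new one. The hunk header's one-line offset suggests the `crypto/rand` import was dropped, which would make the `nil` form the new side.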
......